[strongSwan] Constrain checking fails while testing with IKEv2 certificate with EAP on an android device

Chinmaya Dwibedy ckdwibedy at yahoo.com
Fri Apr 29 08:14:22 CEST 2016

Thankyou Tobias for your prompt response. The Gateway configuration for Android (strongSwanVPN Client) setting "IKEv2 Certificate + EAP (Username/Password)". Thuswe need to configure rightauth2=eap-md5 which was missing. This configures asecond authentication round using EAP after doing a first round withcertificate authentication. With this, VPN connection gets established. I think, it hasnothing to do with constraints and eap-dynamic plugin. Pleasecorrect me if I am wrong.

    On Thursday, April 28, 2016 10:04 PM, Tobias Brunner <tobias at strongswan.org> wrote:


> 12[CFG] constraint requires EAP_MD5, but EAP_NAK was used

You configured rightauth=eap-md5 but your client did not authenticate
with EAP but with its certificate.  Check the client configuration.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160429/a5ef6fb0/attachment.html>

More information about the Users mailing list