[strongSwan] Constrain checking fails while testing with IKEv2 certificate with EAP on an android device
Chinmaya Dwibedy
ckdwibedy at yahoo.com
Fri Apr 29 08:14:22 CEST 2016
Thankyou Tobias for your prompt response. The Gateway configuration for Android (strongSwanVPN Client) setting "IKEv2 Certificate + EAP (Username/Password)". Thuswe need to configure rightauth2=eap-md5 which was missing. This configures asecond authentication round using EAP after doing a first round withcertificate authentication. With this, VPN connection gets established. I think, it hasnothing to do with constraints and eap-dynamic plugin. Pleasecorrect me if I am wrong.
On Thursday, April 28, 2016 10:04 PM, Tobias Brunner <tobias at strongswan.org> wrote:
Hi,
> 12[CFG] constraint requires EAP_MD5, but EAP_NAK was used
You configured rightauth=eap-md5 but your client did not authenticate
with EAP but with its certificate. Check the client configuration.
Regards,
Tobias
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160429/a5ef6fb0/attachment.html>
More information about the Users
mailing list