[strongSwan] MacOS 10.12 Sierra IKEv2 user/password auth

Andreas Steffen andreas.steffen at strongswan.org
Sun Oct 9 18:49:47 CEST 2016


Hi Pete,

there in no AUTH payload in the IKE_AUTH request. This means that
the Mac wants to do EAP-based username/password authentication but
your strongSwan server is not configured for EAP (e.g. EAP-MD5,
EAP-MSCHAPv2 or EAP-GTC).

Regards

Andreas

On 09.10.2016 18:37, Pete Ashdown wrote:
> On 10/9/16 10:29 AM, Noel Kuntze wrote:
>> On 09.10.2016 18:23, Pete Ashdown wrote:
>>> Has anyone actually gotten this to work?  I've tried both the Mac's gui
>>> and Configurator program and a number of iterations of Strongswan
>>> configs and I always end up with this error in the logs:
>>>
>>>      charon: 10[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
>>>
>>> I have no idea where to go from here.  A little help please?
>> You start reading the log lines above that message.
>>
> Thanks for your helpful response, but there is nothing there that sticks
> out as to why the auth fails.  The prior auth entry looks like this:
>
> charon: 10[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT)
> N(MOBIKE_SUP) IDr CPRQ(ADDR DHCP DNS MASK ADDR6 DHCP6 DNS6)
> N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) SA TSi TSr ]
>
> If you'd like me to paste the whole thing, I can do that, but I'm not
> seeing any smoking guns.
>
> Again, I ask if anyone has actually gotten user/password with IKEv2 to
> work on Sierra.

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3859 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20161009/ac1daa6a/attachment.bin>


More information about the Users mailing list