[strongSwan] eap-gtc

[Slava Bendersky]

Hello Everyone, 
I am trying configure ikev2 for IOS devices with eap-gtc. But authentication failing no matter what and in /var/log/secure I see 




    1. 
Sep 25 16:21:55 vpn00 charon: pam_console(login:session): getpwnam failed for %any 

    2. 
Sep 25 16:21:55 vpn00 charon: pam_unix(login:session): session closed for user %any 

    3. 
Sep 25 16:21:55 vpn00 charon: pam_console(login:session): getpwnam failed for client1 

    4. 
Sep 25 16:21:55 vpn00 charon: pam_unix(login:session): session closed for user client1 


Where charon send request to pam for valid user and user %any. 
And connection failing. 


Sep 26 14:33:19 11[ENC] <clientrw00|4> parsed IKE_AUTH request 2 [ EAP/RES/ID ] 
Sep 26 14:33:19 11[IKE] <clientrw00|4> received EAP identity 'client1' 
Sep 26 14:33:19 11[IKE] <clientrw00|4> initiating EAP_GTC method (id 0x7D) 
Sep 26 14:33:19 11[ENC] <clientrw00|4> generating IKE_AUTH response 2 [ EAP/REQ/GTC ] 
Sep 26 14:33:19 11[NET] <clientrw00|4> sending packet: from 172.16.1.5[4500] to mypubip[4500] (92 bytes) 
Sep 26 14:33:19 16[NET] <clientrw00|4> received packet: from mypubip[4500] to 172.16.1.5[4500] (76 bytes) 
Sep 26 14:33:19 16[ENC] <clientrw00|4> parsed IKE_AUTH request 3 [ EAP/RES/NAK ] 
Sep 26 14:33:19 16[IKE] <clientrw00|4> received EAP_NAK, sending EAP_FAILURE 
Sep 26 14:33:19 16[ENC] <clientrw00|4> generating IKE_AUTH response 3 [ EAP/FAIL ] 
Sep 26 14:33:19 16[NET] <clientrw00|4> sending packet: from 172.16.1.5[4500] to mypubip[4500] (76 bytes) 


Same setup with mschapv2 works fine. 

Any help thank you. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160926/e187e41b/attachment.html>