[strongSwan] strongSwan as TNC Server constraint check failed: group membership to 'allow' required
Mark M
mark076h at yahoo.com
Thu Jan 12 06:33:05 CET 2017
Hello,
I am trying to setup a strongSwan TNC Server as shown this this guide with the eap-ttls - https://wiki.strongswan.org/projects/strongswan/wiki/TNCS
When my Android client connected to the server it fails and I see this in the strongswan.log;
11[IKE] authentication of 'carol at strongswan.org' with EAP successful11[CFG] constraint check failed: group membership to 'allow' required11[CFG] selected peer config 'rw-allow' inacceptable: non-matching authentication done11[CFG] switching to peer config 'rw-isolate'11[CFG] constraint check failed: group membership to 'isolate' required11[CFG] selected peer config 'rw-isolate' inacceptable: non-matching authentication done11[CFG] no alternative config found11[ENC] added payload of type NOTIFY to message11[ENC] order payloads in message11[ENC] added payload of type NOTIFY to message11[ENC] generating IKE_AUTH response 7 [ N(AUTH_FAILED) ]11[ENC] insert payload NOTIFY into encrypted payload11[ENC] generating payload of type HEADER
How do I resolve this?
Thanks,
Mark
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170112/9e530f6b/attachment.html>
More information about the Users
mailing list