[strongSwan] Multi rounds
Christian Salway
christian.salway at naimuri.com
Tue Jul 10 07:18:14 CEST 2018
You say on [1] that "The native iOS and OS X clients are known to work fine with multiple authentication rounds.", yet I have the server configured with multiple rounds using xauth but OSX is only requesting EAP
connections {
radius {
version = 2
send_cert = always
encap = yes
pools = pool1
unique = replace
proposals = aes256-sha256-prfsha256-ecp256-modp2048
local {
id = vpnserver
certs = vpnserver.crt
}
remote {
auth = xauth-radius:passandcode
}
children {
net {
local_ts = 172.31.0.0/16
}
}
}
}
eap-radius {
load = yes
accounting = yes
nas_identifier = vpn-pod1
servers {
primary {
address = 172.31.19.90 # TODO: change to DNS
secret = KFdHr0sgw$kOfFgh # /etc/freeradius/clients.conf
}
}
xauth {
passandcode {
password = Please enter your Password:
passcode = Please enter current authenticator token code:
}
}
}
10[CFG] selected peer config 'radius'
10[IKE] peer requested EAP, config inacceptable
10[CFG] no alternative config found
10[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
10[IKE] peer supports MOBIKE
10[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
[1] https://wiki.strongswan.org/projects/strongswan/wiki/EapRadius#Arbitrary-RADIUS-attribute-forwarding <https://wiki.strongswan.org/projects/strongswan/wiki/EapRadius#Arbitrary-RADIUS-attribute-forwarding>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180710/47a3aaa5/attachment.html>
More information about the Users
mailing list