[strongSwan] verification of AUTH payload without EAP MSK failed
Christian Salway
christian.salway at naimuri.com
Tue Jul 10 20:58:23 CEST 2018
Any ideas on this one guys? Can't find a solution and its stopped us proceeding. I've emailed Duo support who we use as a RADIUS proxy for MFA but no word back from them either.
> On 10 Jul 2018, at 07:57, Christian Salway <christian.salway at naimuri.com> wrote:
>
> Why would it fail after getting an approved access from RADIUS
>
> 12[CFG] sending RADIUS Access-Request to server 'primary'
> 16[MGR] ignoring request with ID 5, already processing
> 09[MGR] ignoring request with ID 5, already processing
> 12[CFG] received RADIUS Access-Accept from server 'primary'
> 12[IKE] RADIUS authentication of 'test' successful
> 12[IKE] EAP method EAP_MSCHAPV2 succeeded, no MSK established
> 12[ENC] generating IKE_AUTH response 5 [ EAP/SUCC ]
> 12[NET] sending packet: from 172.31.19.40[4500] to 86.2.58.36[4500] (80 bytes)
> 06[NET] received packet: from 86.2.58.36[4500] to 172.31.19.40[4500] (112 bytes)
> 06[ENC] parsed IKE_AUTH request 6 [ AUTH ]
> 06[IKE] verification of AUTH payload without EAP MSK failed
> 06[ENC] generating IKE_AUTH response 6 [ N(AUTH_FAILED) ]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180710/7c605bbe/attachment.html>
More information about the Users
mailing list