[strongSwan] Strange issue. Cant connect.
Christian Salway
christian.salway at naimuri.com
Tue Jun 12 15:45:39 CEST 2018
With that option, its asking for MSCHAPV2
CLIENT
10[IKE] server requested EAP_IDENTITY (id 0x00), sending ‘remote.user'
10[ENC] generating IKE_AUTH request 2 [ EAP/RES/ID ]
10[NET] sending packet: from 192.168.1.31[54408] to x.x.x.x[4500] (112 bytes)
11[NET] received packet: from x.x.x.x[4500] to 192.168.1.31[54408] (112 bytes)
11[ENC] parsed IKE_AUTH response 2 [ EAP/REQ/MSCHAPV2 ]
11[IKE] server requested EAP_MSCHAPV2 authentication (id 0xA8)
SERVER
Jun 12 13:43:19 13[IKE] received EAP identity ‘remote.user'
Jun 12 13:43:19 13[IKE] EAP_MSCHAPV2 method selected
Jun 12 13:43:19 13[IKE] initiating EAP_MSCHAPV2 method (id 0xA8)
> On 12 Jun 2018, at 14:40, Tobias Brunner <tobias at strongswan.org> wrote:
>
> Hi Christian,
>
>> Ok, I changed my command line to now read
>>
>> sudo charon-cmd --host x.x.x.x --identity remote.user --p12 remote.user.p12
>
> The server expects the client to authenticate with EAP, but the client
> will not do that automatically if you configure a private
> key/certificate (it then uses the profile ikev2-pub to use regular
> pubkey authentication). If you want to use EAP-TLS instead, add
> --profile ikev2-eap to the command line.
>
> Regards,
> Tobias
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180612/a0d21dec/attachment.html>
More information about the Users
mailing list