[strongSwan] Strange issue. Cant connect.

Christian Salway christian.salway at naimuri.com
Tue Jun 12 15:45:39 CEST 2018

With that option, its asking for MSCHAPV2


10[IKE] server requested EAP_IDENTITY (id 0x00), sending ‘remote.user'
10[ENC] generating IKE_AUTH request 2 [ EAP/RES/ID ]
10[NET] sending packet: from[54408] to x.x.x.x[4500] (112 bytes)
11[NET] received packet: from x.x.x.x[4500] to[54408] (112 bytes)
11[ENC] parsed IKE_AUTH response 2 [ EAP/REQ/MSCHAPV2 ]
11[IKE] server requested EAP_MSCHAPV2 authentication (id 0xA8)


Jun 12 13:43:19 13[IKE] received EAP identity ‘remote.user'
Jun 12 13:43:19 13[IKE] EAP_MSCHAPV2 method selected
Jun 12 13:43:19 13[IKE] initiating EAP_MSCHAPV2 method (id 0xA8)

> On 12 Jun 2018, at 14:40, Tobias Brunner <tobias at strongswan.org> wrote:
> Hi Christian,
>> Ok, I changed my command line to now read
>> sudo charon-cmd --host x.x.x.x --identity remote.user --p12 remote.user.p12
> The server expects the client to authenticate with EAP, but the client
> will not do that automatically if you configure a private
> key/certificate (it then uses the profile ikev2-pub to use regular
> pubkey authentication).  If you want to use EAP-TLS instead, add
> --profile ikev2-eap to the command line.
> Regards,
> Tobias

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180612/a0d21dec/attachment.html>

More information about the Users mailing list