[strongSwan] Garbage for login/password on eap-radius from Win7
Pete Ashdown
pashdown at xmission.com
Thu Mar 8 19:04:18 CET 2018
Trying to do eap-radius with a stored mschapv2 hash in LDAP. This works, sometimes, via MacOS. However, Win7 and Win10 is just passing garbage to the freeradius server:
freeradius[23803]: Login Incorrect: [\\300\\250\\001\\002/] from client vpn01 (mac=, cli=24.7.43.186[4500], port=IPSec-IKEv2)
radius3 freeradius[23803]: Login Incorrect: [\\300\\250z+/] from client vpn01 (mac=, cli=199.104.120.17[4500], port=IPSec-IKEv2)
Here is what macOS looks like with a bad password:
freeradius[23803]: Login Incorrect: [pashdown/badpassword] from client sine (mac=, cli=, port=)
Here is my ipsec.conf:
# ipsec.conf - strongSwan IPsec configuration file
config setup
charondebug="ike 4, knl 2, cfg 2, net 2, esp 2, dmn 2, mgr 2"
# Add connections here.
conn %default
keyexchange=ikev2
dpdaction=clear
dpddelay=300s
authby=pubkey
conn IPSec-IKEv2
left=166.70.8.21
leftid=vpn.xmission.com
leftsubnet=0.0.0.0/0,::/0
leftcert=vpn_xmission_com.crt
leftsendcert=always
leftfirewall=yes
right=%any
rightid=%any
rightauth=eap-radius
rightdns=198.60.22.22,198.60.22.2,2607:fa18::2,2607:fa18::1
rightsourceip=10.15.0.2-10.15.0.254,2607:fa18:0:beef:f00d::10-2607:fa18:0:be
ef:f00d::1:10
keyexchange=ikev2
auto=add
eap_identity=%any
Any help would be appreciated.
More information about the Users
mailing list