[strongSwan] Issues with StrongSwan Android client and Azure MFA

Chris Sherry smilinjoe at gmail.com
Tue Jan 8 18:58:30 CET 2019


I am facing an issue with the Android client that I don't see on other
clients (Linux, Windows, OSX, iOS). I am using FortiGates to terminate
IKEv2 VPNs. Auth goes to MFA on-prem that uses MS NPS for RADIUS (MFA is
acting as a proxy). This works on everything but Android. The issue seems
to stem from the fact that the Android device making the connection is also
the mobile authenticator. If I try the VPN from a second Android device
that isn't the mobile authenticator, the VPN works. Also, if I cancel the
VPN connection once authentication starts, I get the MFA prompt (after the
VPN connection is canceled). So it almost seems like the StrongSwan client
is blocking traffic while the VPN connection is being built (after phase 1).

Any help would be appreciated.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20190108/548d8b80/attachment.html>

More information about the Users mailing list