[strongSwan] EAP-PEAP
Michael Schwartzkopff
ms at sys4.de
Fri Jan 24 15:21:29 CET 2020
On 24.01.20 15:14, korsar182 at gmail.com wrote:
> Hi,
> I try to connect strongswan client on Ubuntu 18.04 to the strongswan
> server using EAP-PEAP on Windows Network Policy Server, but it doesn't
> work. Windows clients connect fine.
>
> Server logs:
> charon: 11[CFG] RADIUS Access-Request timed out after 4 attempts
> charon: 11[IKE] EAP method EAP_PEAP failed for peer MyVPNuser
>
> Client logs:
> charon-nm: 06[IKE] EAP-MS-CHAPv2 succeeded: '(null)'
> charon-nm: 06[IKE] sending tunneled EAP-PEAP AVP [EAP/RES/MSCHAPV2]
> charon-nm: 06[ENC] generating IKE_AUTH request 9 [ EAP/RES/PEAP ]
> charon-nm: 06[NET] sending packet: from 192.168.103.95[60160] to
> 11.11.11.11[4500] (108 bytes)
> charon-nm: 13[NET] received packet: from 11.11.11.11[4500] to
> 192.168.103.95[60160] (172 bytes)
> charon-nm: 13[ENC] parsed IKE_AUTH response 9 [ EAP/REQ/PEAP ]
> charon-nm: 13[IKE] received tunneled EAP-PEAP AVP [EAP/REQ/ID]
> charon-nm: 13[IKE] server requested EAP_IDENTITY authentication (id 0x09)
> charon-nm: 13[IKE] sending tunneled EAP-PEAP AVP [EAP/RES/ID]
> charon-nm: 13[ENC] generating IKE_AUTH request 10 [ EAP/RES/PEAP ]
> charon-nm: 13[NET] sending packet: from 192.168.103.95[60160] to
> 11.11.11.11[4500] (124 bytes)
> charon-nm: 14[IKE] retransmit 1 of request with message ID 10
> charon-nm: 14[NET] sending packet: from 192.168.103.95[60160] to
> 11.11.11.11[4500] (124 bytes)
> charon-nm: 09[IKE] retransmit 2 of request with message ID 10
> charon-nm: 09[NET] sending packet: from 192.168.103.95[60160] to
> 11.11.11.11[4500] (124 bytes)
> charon-nm: 10[NET] received packet: from 11.11.11.11[4500] to
> 192.168.103.95[60160] (76 bytes)
> charon-nm: 10[ENC] parsed IKE_AUTH response 10 [ EAP/FAIL ]
> charon-nm: 10[IKE] received EAP_FAILURE, EAP authentication failed
> charon-nm: 10[ENC] generating INFORMATIONAL request 11 [ N(AUTH_FAILED) ]
> charon-nm: 10[NET] sending packet: from 192.168.103.95[60160] to
> 11.11.11.11[4500] (76 bytes)
> NetworkManager[723]: <warn> [1579812873.7333]
> vpn-connection[0x55c27fae61a0,43409cea-49d3-4cdc-acde-84146d74abe6,"VPN
> 1",0]: VPN plugin: failed: connect-failed (1)
> NetworkManager[723]: <warn> [1579812873.7334]
> vpn-connection[0x55c27fae61a0,43409cea-49d3-4cdc-acde-84146d74abe6,"VPN
> 1",0]: VPN plugin: failed: connect-failed (1)
> NetworkManager[723]: <info> [1579812873.7336]
> vpn-connection[0x55c27fae61a0,43409cea-49d3-4cdc-acde-84146d74abe6,"VPN
> 1",0]: VPN plugin: state changed: stopping (5)
> NetworkManager[723]: <info> [1579812873.7337]
> vpn-connection[0x55c27fae61a0,43409cea-49d3-4cdc-acde-84146d74abe6,"VPN
> 1",0]: VPN plugin: state changed: stopped (6)
>
> May you help me?
the log clearly says "authentication failed" This is handled in the
backend RADIUS server. The reason for the failure is hidden in the log
files of the RADIUS server.
Mit freundlichen Grüßen,
--
[*] sys4 AG
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Aufsichtsratsvorsitzender: Florian Kirstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20200124/f987d255/attachment.sig>
More information about the Users
mailing list