[strongSwan] Client to site and freeradius

Volodymyr Litovka doka.ua at gmx.com
Wed Jun 24 14:40:12 CEST 2020

Hi Vladimir,

I'm using FreeRadius with EAP-MSCHAPv2 to authenticate Cisco, Mikrotik,
Windows 10 and MacOS clients. Everything works.

On 24.06.2020 14:00, Клеусов Владимир Сергеевич wrote:
> Hi
> Thanks
> Does the standard Mac os vpn client work via mschapv2 ? On freeradius I have it disabled and why this is so.
>> 24 июня 2020 г., в 12:34, Tobias Brunner <tobias at strongswan.org> написал(а):
>> Hi,
>>> Is it possible to configure
>>> strongswan with this configuration ?If so why ?
>> Yes, strongSwan is not directly involved in the authentication if you
>> use the eap-radius plugin.  The EAP messages are exchanged between
>> client and RADIUS server, strongSwan only forwards them.  So any EAP
>> method can be used as long as client and RADIUS server can both agree on
>> one.
>>> Then the authentication error and the logs of the radius
>>> login incorrect (EAP: no mutually acceptable types)
>> Apparently, the client doesn't support the EAP method the RADIUS server
>> proposes.
>> Regards,
>> Tobias

Volodymyr Litovka
   "Vision without Execution is Hallucination." -- Thomas Edison

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20200624/4ec0666d/attachment.html>

More information about the Users mailing list