[strongSwan] Android client - Use MSCHAPv2

Tobias Brunner tobias at strongswan.org
Mon Sep 14 14:56:38 CEST 2020


> The feature list explicitly states that the android client supports
> EAP-MSCHAPv2, but I see no way to actually enforce that on the client,
> and the authentication keeps failing because EAP-MD5 is used.

The (AAA) server is the one initiating the EAP method, the client can't
explicitly choose the method (it could reject the initiated method and
send a list of supported ones, but the Android client has no option to
explicitly reject one of the username/password methods).  So how is
EAP-MD5 failing?  Why is the server initiating a method that then fails?
 And why don't you just let the server initiate EAP-MSCHAPv2 if you want
to use that?


More information about the Users mailing list