On Thu, May 31, 2012 at 12:28:47PM +0200, Mike Belopuhov wrote: > > My iked config looks like this: > > > > do you have a "user" specification in your iked.conf? > which user are you trying to authenticate as? > "user" specification occupies a separate line and looks > like that: > > user "username" "password" > > iked can't consult the local password database or radius > or any other authentication service at the moment except > this internal "database".
Yes I do have a user entry, right at the top. I didn't think posting it was a good idea. > also, have you tried w/o mschap? you need to select the > "Computerzertifikate verwenden" radio button to turn eap off. I tried that but it had an error, which made me want to try EAP again. > > ikev2 "win7" passive esp \ > > from 172.16.20.0/24 to 0.0.0.0/0 local any peer any \ > > srcid 10.0.0.1 \ > > eap "mschap-v2" \ > > config address 172.16.20.1 \ > > config name-server 212.18.3.5 \ > > tag "$name-$id" > > > > looks fine except of absent of the "user" specification. > i'd ditch the "tag" though as i didn't test it but it shouldn't > affect anything. Hmm. What to do... Any hint on how to debug this best? -peter
