Hello:
I am
INSTALL
./configure …… --enable-eap-identity --enable-eap-mschapv2 --enable-eap-peap --enable-eap-radius …….. && make && make install
strongswan.conf:
charon {
load = …….. eap-identity eap-mschapv2 eap-radius eap-peap ……..
………
}
ipsec.conf:
.rightauth=eap-peap
LOG:
Dec 20 22:06:12 gateway charon: 13[CFG] received stroke: delete connection 'rw-EAP-MSchapv2'
Dec 20 22:06:12 gateway charon: 13[CFG] deleted connection 'rw-EAP-MSchapv2'
Dec 20 22:06:12 gateway charon: 15[CFG] received stroke: add connection 'rw-eap'
Dec 20 22:06:12 gateway charon: 15[CFG] loaded certificate "C=CN, O=eco-schulte, CN=gw-a.***.cn" from 'gw-aCert.pem'
Dec 20 22:06:12 gateway charon: 15[CFG] added configuration 'rw-eap'
Dec 20 22:06:45 gateway charon: 05[NET] received packet: from 183.*.*.*[500] to 59.*.*.*[500] (792 bytes)
Dec 20 22:06:45 gateway charon: 05[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
Dec 20 22:06:45 gateway charon: 05[IKE] 183.*.*.* is initiating an IKE_SA
Dec 20 22:06:45 gateway charon: 05[IKE] remote host is behind NAT
Dec 20 22:06:45 gateway charon: 05[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
Dec 20 22:06:45 gateway charon: 05[NET] sending packet: from 59.*.*.*[500] to 183.*.*.*[500] (308 bytes)
Dec 20 22:06:45 gateway charon: 06[NET] received packet: from 183.*.*.*[4500] to 59.*.*.*[4500] (724 bytes)
Dec 20 22:06:45 gateway charon: 06[ENC] parsed IKE_AUTH request 1 [ IDi CERTREQ N(MOBIKE_SUP) CP(ADDR DNS NBNS SRV) SA TSi TSr ]
Dec 20 22:06:45 gateway charon: 06[IKE] received cert request for "C=CN, O=***, CN=*** ca"
Dec 20 22:06:45 gateway charon: 06[IKE] received 20 cert requests for an unknown ca
Dec 20 22:06:45 gateway charon: 06[CFG] looking for peer configs matching 59.*.*.*[%any]...183.*.*.*[192.168.1.3]
Dec 20 22:06:45 gateway charon: 06[CFG] selected peer config 'rw-eap'
Dec 20 22:06:45 gateway charon: 06[IKE] initiating EAP_IDENTITY method (id 0x00)
Dec 20 22:06:45 gateway charon: 06[IKE] peer supports MOBIKE
Dec 20 22:06:45 gateway charon: 06[IKE] authentication of 'gw-a.***.cn' (myself) with RSA signature successful
Dec 20 22:06:45 gateway charon: 06[IKE] sending end entity cert "C=CN, O=eco-schulte, CN=gw-a.***.cn"
Dec 20 22:06:45 gateway charon: 06[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]
Dec 20 22:06:45 gateway charon: 06[NET] sending packet: from 59.*.*.*[4500] to 183.*.*.*[4500] (1220 bytes)
Dec 20 22:06:45 gateway charon: 07[NET] received packet: from 183.*.*.*[4500] to 59.*.*.*[4500] (68 bytes)
Dec 20 22:06:45 gateway charon: 07[ENC] parsed IKE_AUTH request 2 [ EAP/RES/ID ]
Dec 20 22:06:45 gateway charon: 07[IKE] received EAP identity 'peer'
Dec 20 22:06:45 gateway charon: 07[IKE] loading EAP_MSCHAPV2 method failed
Dec 20 22:06:45 gateway charon: 07[ENC] generating IKE_AUTH response 2 [ EAP/FAIL ]
Dec 20 22:06:45 gateway charon: 07[NET] sending packet: from 59.*.*.*[4500] to 183.*.*.*[4500] (68 bytes)
If
ipsec.conf:
rightauth=eap-radius
else:
LOG:
loading EAP_RADIUS method failed
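
An added example, not part of the original message and not strongSwan project code: a log triage script that re-joins charon records a mail client has hard-wrapped and, for each "loading EAP_x method failed" record, reports the connection, the EAP identity and whether the matching plugin name appears in a strongswan.conf load list. The sample log and load list are constructed, and the method-to-plugin name mapping (EAP_MSCHAPV2 to eap-mschapv2) is an assumption inferred from the configure flags in the message.

```python
import re

# Constructed sample modelled on the log in the message; last record is wrapped.
SAMPLE_LOG = """\
Dec 20 22:06:45 gateway charon: 06[CFG] selected peer config 'rw-eap'
Dec 20 22:06:45 gateway charon: 07[IKE] received EAP identity 'peer'
Dec 20 22:06:45 gateway charon: 07[IKE] loading EAP_MSCHAPV2 method failed
Dec 20 22:06:45 gateway charon: 07[ENC] generating IKE_AUTH response 2 [
EAP/FAIL ]
"""
# Constructed load list (the real one is elided in the message).
SAMPLE_LOAD = "eap-identity eap-mschapv2 eap-radius eap-peap"

RECORD = re.compile(r"^\w{3} +\d+ [\d:]{8} \S+ charon: (\d+)\[(\w+)\] (.*)$")

def unwrap(text):
    """Re-join records that were hard-wrapped onto continuation lines."""
    records = []
    for raw in text.splitlines():
        if RECORD.match(raw) or not records:
            records.append(raw.rstrip())
        else:
            records[-1] += " " + raw.strip()
    return records

def eap_load_failures(log_text, load_list):
    """Return one finding per 'loading EAP_x method failed' record."""
    listed = set(load_list.split())
    conn = identity = None
    findings = []
    for rec in unwrap(log_text):
        m = RECORD.match(rec)
        if not m:
            continue
        msg = m.group(3)
        if hit := re.match(r"selected peer config '([^']+)'", msg):
            conn, identity = hit.group(1), None
        elif hit := re.match(r"received EAP identity '([^']+)'", msg):
            identity = hit.group(1)
        elif hit := re.match(r"loading (EAP_\w+) method failed", msg):
            # Assumption: plugin name is the method name lowercased, '_' -> '-'.
            plugin = hit.group(1).lower().replace("_", "-")
            findings.append({"conn": conn, "identity": identity, "method": hit.group(1),
                             "plugin": plugin, "in_load_list": plugin in listed})
    return findings

if __name__ == "__main__":
    for finding in eap_load_failures(SAMPLE_LOG, SAMPLE_LOAD):
        print(finding)
```

A finding with in_load_list set to True means the plugin is named in the configuration but the method was still unavailable at runtime, so the next comparison is against the "loaded plugins:" line charon logs at startup.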