Hi, > constraint requires public key authentication, but EAP was used > selected peer config 'test' inacceptable: constraint checking failed > > On the server side I have: > leftauth=eap-ttls > rightauth=eap-ttls
> and on the client side I have: > leftauth=eap If you want to skip IKE public key responder authentication by relying on mutual EAP-TTLS (with inner EAP-MD5), you'll have to allow that on the client side. You can do that for example by setting rightauth=any on the client, as seen in [1]. Regards Martin [1]https://www.strongswan.org/uml/testresults/ikev2/rw-eap-ttls-only/index.html _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
