Am Freitag, 16. Januar 2015, 11:32:36 schrieb Martin Willi: > Hi, > > > constraint requires public key authentication, but EAP was used > > selected peer config 'test' inacceptable: constraint checking failed > > > > On the server side I have: > > leftauth=eap-ttls > > rightauth=eap-ttls > > > > and on the client side I have: > > leftauth=eap > > If you want to skip IKE public key responder authentication by relying > on mutual EAP-TTLS (with inner EAP-MD5), you'll have to allow that on > the client side. You can do that for example by setting rightauth=any on > the client, as seen in [1].
Hi, no. the problem was that in the destict TNC documentation https://wiki.strongswan.org/projects/strongswan/wiki/TrustedNetworkConnect and the links in this site there is no mentioning switching off multiple_authentication in charon.conf: multiple_authentication = no It is included in the documention web sites you mentioned. But searching for "strongswan tnc" give the above mentioned website on top. Mit freundlichen Grüßen, Michael Schwartzkopff -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64, +49 (162) 165 0044 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
