Hi, > What I don't understand is why it is failing on EAP identity when I clearly > defined 'eap_identity=%any'
> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ] > generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) > N(MULT_AUTH) ] > parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH CPRQ(ADDR DHCP DNS > MASK ADDR6 DHCP6 DNS6) N(ESP_TFC_PAD_N) > authentication of '%any' with pre-shared key > constraint check failed: EAP identity '%any' required Your client does not initiate EAP, but authenticates with a pre-shared key. It does not provide an EAP-Identity matching "%any", as no EAP-Identity is exchanged at all. If you want to do EAP-MSCHAPv2 with iOS IKEv2, set ExtendedAuthEnabled, see [1]. Regards Martin [1]https://wiki.strongswan.org/projects/strongswan/wiki/AppleIKEv2Profile _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
