> why it wasn't sending identity before but does sent it now? The client now offers EAP authentication by omitting the AUTH payload in the first IKE_AUTH exchange. This allows the server to trigger the EAP-Identity exchange, followed by EAP-MSCHAPv2.
> and why does authentication fail? The client rejects the EAP-MSCHAPv2 method with EAP-NAK. It is configured to use something else or does not support it. AFAIK iOS supports EAP-MSCHAPv2, so most likely this is a client configuration issue. Regards Martin _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users