Hi,

> But when it sends the IKE_AUTH response to client, it gives the
> following error message in log i.e., “EAP-only authentication requires a
> mutual and MSK deriving EAP method, but EAP_MD5 is not” and sends
> INFORMATIONAL request 5 [ N(AUTH_FAILED) ] to server. As a result,
>     
>         1)          The VPN Server deletes IKE_SA/CHILD_SA .
>         2)      The VPN Client fails to establish VPN with user
> authentication failed.
>  
> Can anyone please suggest where it goes wrong or if I have missed
> anything ? Here go the Charon log, configuration used at both ends.
>
>         rightauth=eap-md5
>         rightsendcert=never
>          leftauth=eap-md5

Exactly as the error message tells you, you can't use leftauth=eap-md5
as server.  Use leftauth=pubkey instead.

Regards,
Tobias

_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users

Reply via email to