Hi, > But when it sends the IKE_AUTH response to client, it gives the > following error message in log i.e., “EAP-only authentication requires a > mutual and MSK deriving EAP method, but EAP_MD5 is not” and sends > INFORMATIONAL request 5 [ N(AUTH_FAILED) ] to server. As a result, > > 1) The VPN Server deletes IKE_SA/CHILD_SA . > 2) The VPN Client fails to establish VPN with user > authentication failed. > > Can anyone please suggest where it goes wrong or if I have missed > anything ? Here go the Charon log, configuration used at both ends. > > rightauth=eap-md5 > rightsendcert=never > leftauth=eap-md5
Exactly as the error message tells you, you can't use leftauth=eap-md5 as server. Use leftauth=pubkey instead. Regards, Tobias _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
