Discussion:
[strongSwan] PEAP
Christian Salway
2018-09-15 09:38:14 UTC
Permalink
I'm trying to set up PEAP but getting an error. I connect to an NPS and have enabled PEAP with MSCHAPv2 on the connection


Sep 15 09:31:39 16[IKE] sending tunneled EAP-PEAP AVP [EAP/REQ/ID]
Sep 15 09:31:39 16[ENC] generating IKE_AUTH response 8 [ EAP/REQ/PEAP ]
Sep 15 09:31:39 16[NET] sending packet: from 10.0.1.82[4500] to 86.2.58.36[60210] (128 bytes)
Sep 15 09:31:39 04[NET] sending packet: from 10.0.1.82[4500] to 86.2.58.36[60210]
Sep 15 09:31:39 03[NET] waiting for data on sockets
Sep 15 09:31:40 03[NET] received packet: from 86.2.58.36[60210] to 10.0.1.82[4500]
Sep 15 09:31:40 06[NET] received packet: from 86.2.58.36[60210] to 10.0.1.82[4500] (160 bytes)
Sep 15 09:31:40 06[ENC] parsed IKE_AUTH request 9 [ EAP/RES/PEAP ]
Sep 15 09:31:40 06[IKE] received tunneled EAP-PEAP AVP [EAP/RES/ID]
Sep 15 09:31:40 06[IKE] received EAP identity 'christian.salway'
Sep 15 09:31:40 06[IKE] phase2 method EAP_MSCHAPV2 selected
Sep 15 09:31:40 06[IKE] EAP_MSCHAPV2 method not available
Sep 15 09:31:40 06[ENC] generating IKE_AUTH response 9 [ EAP/REQ/PEAP ]


./configure --prefix=/usr --sysconfdir=/etc \
--enable-eap-identity --enable-eap-radius --enable-openssl \
--enable-eap-peap
NPS






Windows 10 reports:
Andreas Steffen
2018-09-16 10:59:54 UTC
Permalink
Hi Christian,

add --enable-eap-mschapv2 as a configure option since MSCHAP-V2 based
password authentication is done within the PEAP tunnel.

Regards

Andreas
I'm trying to set up PEAP but getting an error.  I connect to an NPS and
have enabled PEAP with MSCHAPv2 on the connection
Sep 15 09:31:39 16[IKE] sending tunneled EAP-PEAP AVP [EAP/REQ/ID]
Sep 15 09:31:39 16[ENC] generating IKE_AUTH response 8 [ EAP/REQ/PEAP ]
Sep 15 09:31:39 16[NET] sending packet: from 10.0.1.82[4500] to
86.2.58.36[60210] (128 bytes)
Sep 15 09:31:39 04[NET] sending packet: from 10.0.1.82[4500] to 86.2.58.36[60210]
Sep 15 09:31:39 03[NET] waiting for data on sockets
Sep 15 09:31:40 03[NET] received packet: from 86.2.58.36[60210] to 10.0.1.82[4500]
Sep 15 09:31:40 06[NET] received packet: from 86.2.58.36[60210] to
10.0.1.82[4500] (160 bytes)
Sep 15 09:31:40 06[ENC] parsed IKE_AUTH request 9 [ EAP/RES/PEAP ]
Sep 15 09:31:40 06[IKE] received tunneled EAP-PEAP AVP [EAP/RES/ID]
Sep 15 09:31:40 06[IKE] received EAP identity 'christian.salway'
Sep 15 09:31:40 06[IKE] phase2 method EAP_MSCHAPV2 selected
*Sep 15 09:31:40 06[IKE] EAP_MSCHAPV2 method not available*
Sep 15 09:31:40 06[ENC] generating IKE_AUTH response 9 [ EAP/REQ/PEAP ]
./configure --prefix=/usr --sysconfdir=/etc \
--enable-eap-identity --enable-eap-radius --enable-openssl \
--enable-eap-peap
NPS
--
======================================================================
Andreas Steffen ***@strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[INS-HSR]==
Continue reading on narkive:
Loading...