Project

General

Profile

Issue #2736

MSWINDOWS-StrongSwan-EAP-MSCHAPv2-Failure-Interoperablity

Added by Prashant Gupta 9 months ago. Updated 4 months ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
configuration
Affected version:
5.6.2
Resolution:
No feedback

Description

Failed to connect with StrongSwan (Responder) and Microsoft Windows (RoadWarrior-Initiator) using below configuration:

https://strongswan.org/testing/testresults/ikev2/rw-eap-mschapv2-id-rsa/index.html

Attached is Snapshot for packet capture for reference.

Is there any other detailed steps available for configuration? I have followed
https://wiki.strongswan.org/projects/strongswan/wiki/Win7EapConfig
and
https://strongswan.org/testing/testresults/ikev2/rw-eap-mschapv2-id-rsa/index.html

MSWINDOWS-StrongSwan-EAP-MSCHAPv2-Failure.JPG (286 KB) MSWINDOWS-StrongSwan-EAP-MSCHAPv2-Failure.JPG Prashant Gupta, 30.08.2018 14:51
Windows-Initator-error.jpg (260 KB) Windows-Initator-error.jpg MS Windows Native VPN as Client(Initiator) Prashant Gupta, 04.09.2018 07:36
Strongswan-Responder.log (1.18 MB) Strongswan-Responder.log StrongSwan as Server (Responde) Prashant Gupta, 04.09.2018 07:41

History

#1 Updated by Tobias Brunner 9 months ago

  • Category changed from interoperability to configuration
  • Status changed from New to Feedback
  • Assignee deleted (Martin Willi)
  • Priority changed from High to Normal

Is there any other detailed steps available for configuration? I have followed
https://wiki.strongswan.org/projects/strongswan/wiki/Win7EapConfig
and
https://strongswan.org/testing/testresults/ikev2/rw-eap-mschapv2-id-rsa/index.html

No, that's it. Make sure you entered/configured the correct username and password. Check the server log for details on the error.

#2 Updated by Prashant Gupta 9 months ago

Tobias Brunner wrote:

Is there any other detailed steps available for configuration? I have followed
https://wiki.strongswan.org/projects/strongswan/wiki/Win7EapConfig
and
https://strongswan.org/testing/testresults/ikev2/rw-eap-mschapv2-id-rsa/index.html

No, that's it. Make sure you entered/configured the correct username and password. Check the server log for details on the error.

I have used the same configuration and username and password which is mentioned in https://strongswan.org/testing/testresults/ikev2/rw-eap-mschapv2-id-rsa/index.html configuration.
Attached is Windows (Initiator) and Strongswan(Responder) logs snapshot for reference.

Note: To validate the configuration I tried Strongswan(Initiator) and Strongswan(Responder) with same configuration for EAP-MSCHAPV2 and found it Working.
Is there anything specific to Windows I am missing here.
MS-WIndows is rejecting MSCHAPv2 SUCCESS Request with following error:
CoId={1BA30068-358A-488E-B6B0-401048237015}: The user CLPSTPDFC619\prashant.g dialed a connection named EAP which has failed. The error code returned on failure is 0.

#3 Updated by Tobias Brunner 9 months ago

Sep  4 11:08:51 calr720-vm10 charon: 08[ENC] parsed IKE_AUTH request 3 [ EAP/RES/MSCHAPV2 ]
Sep  4 11:08:51 calr720-vm10 charon: 08[IKE] EAP-MS-CHAPv2 verification failed, retry (1)

This sounds to me like you entered the wrong password on the client. By the way, you should reduce the log levels (e.g. use those given on HelpRequests).

#4 Updated by Noel Kuntze 4 months ago

  • Status changed from Feedback to Closed
  • Resolution set to No feedback

Also available in: Atom PDF