03-03-2011 02:12 AM - edited 03-03-2011 02:22 AM
I have the same problem as yours. So this made me open a case this morning...
- Strongswan IKEv2 Client is working fine on Linux (for both EAP-MSCHAPv2 and certificate authentication)
- But I'm unable to connect with Windows 7: I get a 13868 error on Windows 7. SSL VPN user logs show that credentials are accepted, followed by an IKEv2 protocol error (IKEV2_NO_PROPOSAL_CHOSEN).
For info, on Linux, my ipsec.conf contains the following:
# ipsec.conf - strongSwan IPsec configuration file
# Add connections here.
right=<your SSL VPN IP Address used for IKEv2>
rightsubnet=<the subnet you want to have access>
You should add the corresponding password to the ipsec.secrets file:
<your username> : EAP "<your password>"
You should add the corresponding root CA used for the SSL VPN certificate to the /etc/ipsec.d/cacerts folder.
On the SSL VPN, I use a local backend, with clear text password. Do not forget that only local auth (with the clear text password option) and the Active Directory backend are supported to do MSCHAPv2.
I hope that radius backend will be supported soon (all the EAP stuff is already on my radius server...).
03-04-2011 02:52 AM
Finally, I am able to connect with IKEv2 on Windows 7 Client.
I had to change something on my "Resource profile":
I had to set the "Network Connect" Transport mode to "ESP AES128/SHA1" (as shown on the screenshot); "ESP AES128/MD5" is not working.
Now IKEv2 tunnels work on Windows 7 and Linux clients.
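Why the transport-mode change above clears IKEV2_NO_PROPOSAL_CHOSEN, as an added example that is not part of the original posts or of either product's code: a simplified IKEv2 responder picks the first offered proposal in which every transform type has an algorithm it accepts, and otherwise answers with the NO_PROPOSAL_CHOSEN notify. The client offer is constructed sample data and assumes the client proposes SHA1 integrity but no MD5; the function names and transform labels are illustrative, and the ESN transform is left out.

```python
# Added illustration: simplified IKEv2 Child SA (ESP) proposal selection.
# The client offer is constructed sample data, not a capture of what
# Windows 7 or the SSL VPN actually sends.

NO_PROPOSAL_CHOSEN = 14  # Notify message type defined in RFC 7296


def select_proposal(offered, policy):
    """Return (proposal_number, chosen_transforms), or None if nothing matches.

    offered: list of (number, {transform_type: [algorithms in preference order]})
    policy:  {transform_type: set of algorithms the responder accepts}
    """
    for number, transforms in offered:
        # The proposal must carry exactly the transform types the policy expects.
        if set(transforms) != set(policy):
            continue
        chosen = {}
        for ttype, algs in transforms.items():
            match = next((a for a in algs if a in policy[ttype]), None)
            if match is None:
                break  # one unmatched transform type rejects the whole proposal
            chosen[ttype] = match
        else:
            return number, chosen
    return None


def negotiate(offered, policy):
    """Responder's answer: the selected proposal or a NO_PROPOSAL_CHOSEN notify."""
    result = select_proposal(offered, policy)
    if result is None:
        return {"notify": NO_PROPOSAL_CHOSEN}
    return {"proposal": result[0], "transforms": result[1]}


# Constructed client offer (assumption): SHA1 integrity only, no MD5.
CLIENT_OFFER = [
    (1, {"ENCR": ["AES_CBC_256"], "INTEG": ["HMAC_SHA1_96"]}),
    (2, {"ENCR": ["AES_CBC_128"], "INTEG": ["HMAC_SHA1_96"]}),
]
# The two gateway settings named in the thread, modelled as responder policies.
POLICY_AES128_MD5 = {"ENCR": {"AES_CBC_128"}, "INTEG": {"HMAC_MD5_96"}}
POLICY_AES128_SHA1 = {"ENCR": {"AES_CBC_128"}, "INTEG": {"HMAC_SHA1_96"}}

if __name__ == "__main__":
    print("AES128/MD5 :", negotiate(CLIENT_OFFER, POLICY_AES128_MD5))
    print("AES128/SHA1:", negotiate(CLIENT_OFFER, POLICY_AES128_SHA1))
```

Authentication and proposal selection are separate checks, which is consistent with logs that show accepted credentials followed by a proposal error.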
04-18-2011 09:16 AM
Are certs still needed to do EAP user auth with IVE 7.1? The Admin Guide has little on this and seems to merge EAP and cert auth. I didn't do anything with certs and I'm getting the following error from the Windows 7 client: "Error 13801: IKE auth credentials are unacceptable".