Hello everybody,
I tried to follow the howto from the wiki to set up a VPN server with strongSwan for my Android clients. But it seems that with the current version of strongSwan (5.3.2) the EAP-MSCHAPV2 plugin won't get loaded.
Also, I need to limit the plugins with charon; if not, it would get stuck in a restart loop.
Maybe somebody can help me to fix that? Would be great!
Currently using Chaos Calmer 15.05 for this setup.
And here is the log output:
Mon Aug 31 22:13:39 2015 daemon.info syslog: 08[CFG] added configuration 'roadwarrior'
Mon Aug 31 22:13:52 2015 daemon.info syslog: 04[NET] received packet: from xxx.xxx.xxx.254[11894] to xxx.xxx.xxx.154[500] (1012 bytes)
Mon Aug 31 22:13:52 2015 daemon.info syslog: 04[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) ]
Mon Aug 31 22:13:52 2015 daemon.info syslog: 04[IKE] xxx.xxx.xxx.254 is initiating an IKE_SA
Mon Aug 31 22:13:52 2015 authpriv.info syslog: 04[IKE] xxx.xxx.xxx.254 is initiating an IKE_SA
Mon Aug 31 22:13:53 2015 daemon.info syslog: 04[IKE] remote host is behind NAT
Mon Aug 31 22:13:53 2015 daemon.info syslog: 04[IKE] sending cert request for "C=AT, O=HeimNetz, CN=xxxx"
Mon Aug 31 22:13:53 2015 daemon.info syslog: 04[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(HASH_ALG) N(MULT_AUTH) ]
Mon Aug 31 22:13:53 2015 daemon.info syslog: 04[NET] sending packet: from xxx.xxx.xxx.154[500] to xxx.xxx.xxx.254[11894] (481 bytes)
Mon Aug 31 22:13:55 2015 daemon.info syslog: 03[NET] received packet: from xxx.xxx.xxx.254[22502] to xxx.xxx.xxx.154[4500] (4700 bytes)
Mon Aug 31 22:13:55 2015 daemon.info syslog: 03[ENC] parsed IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ AUTH CPRQ(ADDR ADDR6 DNS DNS6) N(ESP_TFC_PAD_N) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) N(AUTH_FOLLOWS) ]
Mon Aug 31 22:13:55 2015 daemon.info syslog: 03[IKE] received cert request for "C=AT, O=HeimNetz, CN=xxxx"
Mon Aug 31 22:13:55 2015 daemon.info syslog: 03[IKE] received 153 cert requests for an unknown ca
Mon Aug 31 22:13:55 2015 daemon.info syslog: 03[IKE] received end entity cert "C=AT, O=HeimNetz, CN=client"
Mon Aug 31 22:13:55 2015 daemon.info syslog: 03[CFG] looking for peer configs matching xxx.xxx.xxx.154[%any]...xxx.xxx.xxx.254[C=AT, O=HeimNetz, CN=client]
Mon Aug 31 22:13:55 2015 daemon.info syslog: 03[CFG] selected peer config 'roadwarrior'
Mon Aug 31 22:13:55 2015 daemon.info syslog: 03[CFG] using trusted ca certificate "C=AT, O=HeimNetz, CN=xxxx"
Mon Aug 31 22:13:55 2015 daemon.info syslog: 03[CFG] checking certificate status of "C=AT, O=HeimNetz, CN=client"
Mon Aug 31 22:13:55 2015 daemon.info syslog: 03[CFG] certificate status is not available
Mon Aug 31 22:13:55 2015 daemon.info syslog: 03[CFG] reached self-signed root ca with a path length of 0
Mon Aug 31 22:13:55 2015 daemon.info syslog: 03[CFG] using trusted certificate "C=AT, O=HeimNetz, CN=client"
Mon Aug 31 22:13:55 2015 daemon.info syslog: 03[IKE] authentication of 'C=AT, O=HeimNetz, CN=client' with RSA_EMSA_PKCS1_SHA256 successful
Mon Aug 31 22:13:55 2015 daemon.info syslog: 03[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
Mon Aug 31 22:13:55 2015 daemon.info syslog: 03[IKE] peer supports MOBIKE
Mon Aug 31 22:13:55 2015 daemon.info syslog: 03[IKE] authentication of xxx.xxx.xxx.org' (myself) with RSA_EMSA_PKCS1_SHA256 successful
Mon Aug 31 22:13:55 2015 daemon.info syslog: 03[IKE] sending end entity cert "C=AT, O=HeimNetz, CN=xxx.xxx.xxx.org"
Mon Aug 31 22:13:55 2015 daemon.info syslog: 03[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH ]
Mon Aug 31 22:13:55 2015 daemon.info syslog: 03[NET] sending packet: from xxx.xxx.xxx.154[4500] to xxx.xxx.xxx.254[22502] (1260 bytes)
Mon Aug 31 22:13:55 2015 daemon.info syslog: 02[NET] received packet: from xxx.xxx.xxx.254[22502] to xxx.xxx.xxx.154[4500] (76 bytes)
Mon Aug 31 22:13:55 2015 daemon.info syslog: 02[ENC] parsed IKE_AUTH request 2 [ IDi ]
Mon Aug 31 22:13:55 2015 daemon.info syslog: 02[IKE] loading EAP_MSCHAPV2 method failed
Mon Aug 31 22:13:55 2015 daemon.info syslog: 02[ENC] generating IKE_AUTH response 2 [ EAP/FAIL ]
Mon Aug 31 22:13:55 2015 daemon.info syslog: 02[NET] sending packet: from xxx.xxx.xxx.154[4500] to xxx.xxx.xxx.254[22502] (76 bytes
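
Added example (not part of the original post): a small Python parser for the charon syslog format shown above. It separates the certificate round that succeeded from the EAP round that ended because the method could not be loaded. The sample lines are excerpted from the post's log; the function name, report keys and verdict strings are assumptions of this example.

```python
import re

# Lines excerpted verbatim from the log in the post (addresses were already redacted there).
SAMPLE = """\
Mon Aug 31 22:13:55 2015 daemon.info syslog: 03[ENC] parsed IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ AUTH CPRQ(ADDR ADDR6 DNS DNS6) N(ESP_TFC_PAD_N) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) N(AUTH_FOLLOWS) ]
Mon Aug 31 22:13:55 2015 daemon.info syslog: 03[IKE] authentication of 'C=AT, O=HeimNetz, CN=client' with RSA_EMSA_PKCS1_SHA256 successful
Mon Aug 31 22:13:55 2015 daemon.info syslog: 02[ENC] parsed IKE_AUTH request 2 [ IDi ]
Mon Aug 31 22:13:55 2015 daemon.info syslog: 02[IKE] loading EAP_MSCHAPV2 method failed
Mon Aug 31 22:13:55 2015 daemon.info syslog: 02[ENC] generating IKE_AUTH response 2 [ EAP/FAIL ]
"""

# "<date> <facility.level> syslog: <thread>[<subsystem>] <message>", as in the post's log
LINE = re.compile(r"^\w{3} \w{3} +\d+ [\d:]+ \d{4} \S+ syslog: \d+\[(?P<sub>[A-Z]+)\] (?P<msg>.*)$")
# Peer authentication only: the daemon's own line reads "' (myself) with" and does not match.
AUTH_OK = re.compile(r"authentication of '[^']*' with (?P<method>\S+) successful")
LOAD_FAIL = re.compile(r"loading (?P<method>EAP_\w+) method failed")


def diagnose(text):
    """Summarise the IKE_AUTH rounds seen in charon syslog text."""
    report = {"another_auth_follows": False, "peer_auth_ok": [],
              "eap_unloadable": None, "eap_fail_sent": False}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a charon line in this format
        sub, msg = m["sub"], m["msg"]
        if sub == "ENC" and msg.startswith("parsed IKE_AUTH") and "N(AUTH_FOLLOWS)" in msg:
            report["another_auth_follows"] = True  # client announced a second auth round
        elif sub == "IKE" and (ok := AUTH_OK.match(msg)):
            report["peer_auth_ok"].append(ok["method"])
        elif sub == "IKE" and (bad := LOAD_FAIL.match(msg)):
            report["eap_unloadable"] = bad["method"]
        elif sub == "ENC" and msg.startswith("generating IKE_AUTH") and "EAP/FAIL" in msg:
            report["eap_fail_sent"] = True
    if report["eap_unloadable"]:
        # The failure happened before any EAP exchange, so no credentials were checked.
        report["verdict"] = "eap_method_not_loadable"
    elif report["eap_fail_sent"]:
        report["verdict"] = "eap_fail_without_load_error"
    else:
        report["verdict"] = "no_eap_failure_seen"
    return report


if __name__ == "__main__":
    for key, value in diagnose(SAMPLE).items():
        print(f"{key}: {value}")
```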