Hello, we're trying to get IKEv2 under Windows 7 going. It can use among others "EAP-MSCHAPv2"; notably with EAP wrapper but without TLS.
While auth succeeds, FreeRADIUS doesn't send MPPE keys back, and Win 7 then rejects the session. I noticed that rlm_mschap can be configured to calculate and send MPPE keys, while rlm_eap/types/mschapv2 does not; the two modules seem to be mostly independent. Is that something that can easily be added? BTW, a check back with a developer "Martin" from strongswan.org yielded: "Then I'd assume you are using FreeRADIUS :-). It does not include the MSK in MSCHAPv2 if used over EAP. IKEv2 however requires the MSK to calculate the AUTH payload. In its current form, you can't use FreeRADIUS for your setup, my apologies. One could extend FreeRADIUS to copy over the MPPE keys, but writing such a patch is not something I can do in a few minutes." Greetings, Stefan Winter -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg Tel: +352 424409 1 Fax: +352 422473
signature.asc
Description: OpenPGP digital signature
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
