Re: [strongSwan] verification of AUTH payload without EAP MSK failed

Hi Tobias, I found that paragraph just after writing my last email :) The RADIUS Proxy is https://duo.com/docs/radius who have written back to me asking for logs so will see what they say. Kind regards, Christian Salway IT Consultant - Naimuri T: +44 7463 331432

Re: [strongSwan] verification of AUTH payload without EAP MSK failed

Hi Christian, > Why would it fail after getting an approved access from RADIUS > > ... > 12[IKE] EAP method EAP_MSCHAPV2 succeeded, no MSK established If the EAP method is key-generating, which EAP-MSCHAPv2 is, the authentication will not succeed without an MSK, which the RADIUS server should

Re: [strongSwan] verification of AUTH payload without EAP MSK failed

Any ideas on this one guys? Can't find a solution and its stopped us proceeding. I've emailed Duo support who we use as a RADIUS proxy for MFA but no word back from them either. > On 10 Jul 2018, at 07:57, Christian Salway > wrote: > > Why would it fail after getting an approved access

[strongSwan] verification of AUTH payload without EAP MSK failed

Why would it fail after getting an approved access from RADIUS 12[CFG] sending RADIUS Access-Request to server 'primary' 16[MGR] ignoring request with ID 5, already processing 09[MGR] ignoring request with ID 5, already processing 12[CFG] received RADIUS Access-Accept from server 'primary'