Hi Thomas,

Have you looked at [1]? It says:

> EAP-MSCHAPv2 requires MD4 to generate the NT-Hashes

HTH,
Simon

[1] https://wiki.strongswan.org/projects/strongswan/wiki/Windows7#C-Authentication-using-EAP-MSCHAP-v2

On 12/03/2014 04:59 PM, Thomas wrote:
> Hi Noel, Hi Imran
>
> thanks for your answers!
> Any idea what's the best authentication method for username/password only
> on client-side?
> EAP-MD5?
>
> The client should be able to connect via windows ikev2 native clients,
> the strongswan android-app,
> and the native clients from osx/ios.
>
> Best
> Thomas
>
> On 03.12.2014 19:40, Imran Akbar wrote:
>> Hey Thomas,
>> Seems like we're in the same boat. Which client are you using to connect?
>> I'm going to try that config on my own gateway and see if it works for me.
>> I'm also looking at this example for PSK authentication:
>> http://www.strongswan.org/uml/testresults/ikev2/rw-psk-ipv4/
>>
>> yours,
>> imran
>>
>> On Wed, Dec 3, 2014 at 10:13 AM, Noel Kuntze <n...@familie-kuntze.de> wrote:
>>
>> Hello Thomas,
>>
>> Using something like you already have in the conn win7 section will do.
>> Just don't set any authentication method for the client that needs
>> certificates or psk, and you're golden.
>> Assuming, of course, your client is configured the right way.
>>
>> Kind regards,
>> Noel Kuntze
>>
>> GPG Key ID: 0x63EC6658
>> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>>
>> On 03.12.2014 at 14:54, Thomas wrote:
>> > Hi,
>> >
>> > I'm trying to set up strongswan to accept only username and password as
>> > login credentials.
>> > So, the client does not need any certificate, only his username and password.
>> > Is there any way to do that?
>> >
>> > My actual ipsec.conf is this:
>> >
>> > config setup
>> >
>> > conn ios
>> >     keyexchange=ikev1
>> >     authby=xauthrsasig
>> >     xauth=server
>> >     left=%defaultroute
>> >     leftsubnet=0.0.0.0/0
>> >     leftfirewall=yes
>> >     leftcert=serverCert.pem
>> >     right=%any
>> >     rightsubnet=10.0.0.0/24
>> >     rightsourceip=10.0.0.0/24
>> >     rightcert=clientCert.pem
>> >     auto=add
>> >
>> > conn android
>> >     keyexchange=ikev2
>> >     left=%defaultroute
>> >     leftauth=pubkey
>> >     leftsubnet=0.0.0.0/0
>> >     leftcert=serverCert.pem
>> >     right=%any
>> >     rightauth=pubkey
>> >     rightsourceip=10.0.0.0/24
>> >     rightcert=clientCert.pem
>> >     auto=add
>> >
>> > conn win7
>> >     keyexchange=ikev2
>> >     ike=aes256-sha1-modp1024!
>> >     esp=aes256-sha1!
>> >     dpdaction=clear
>> >     dpddelay=300s
>> >     rekey=no
>> >     left=%any
>> >     leftsubnet=0.0.0.0/0
>> >     leftauth=pubkey
>> >     leftcert=serverCert.pem
>> >     right=%any
>> >     rightsourceip=10.0.0.0/24
>> >     rightauth=eap-mschapv2
>> >     rightsendcert=never
>> >     eap_identity=%any
>> >     auto=add

_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users