Thankyou Tobias for your prompt response. The Gateway configuration for Android
(strongSwanVPN Client) setting "IKEv2 Certificate + EAP (Username/Password)".
Thuswe need to configure rightauth2=eap-md5 which was missing. This configures
asecond authentication round using EAP after doing a first round
withcertificate authentication. With this, VPN connection gets established. I
think, it hasnothing to do with constraints and eap-dynamic plugin.
Pleasecorrect me if I am wrong.
On Thursday, April 28, 2016 10:04 PM, Tobias Brunner
<[email protected]> wrote:
Hi,
> 12[CFG] constraint requires EAP_MD5, but EAP_NAK was used
You configured rightauth=eap-md5 but your client did not authenticate
with EAP but with its certificate. Check the client configuration.
Regards,
Tobias
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users