IKEv2+PEAP no joy

Stefan Winter stefan.winter at restena.lu
Mon Apr 12 08:17:35 CEST 2010


Hi,

>   Run the server with '-Xx' to get a hex dump of the tunneled data.
> That will give a bit more information about what's going on.
>   

That doesn't reveal much new info. For outer id set, it dumps the inner
EAP-Message, but for unset, only the error message. -Xxxx (-Xx looks the
same):

- with id privacy

Mon Apr 12 08:08:25 2010 : Info: +- entering group authenticate {...}
Mon Apr 12 08:08:25 2010 : Info: [eap] Request found, released from the list
Mon Apr 12 08:08:25 2010 : Info: [eap] EAP/peap
Mon Apr 12 08:08:25 2010 : Info: [eap] processing type peap
Mon Apr 12 08:08:25 2010 : Info: [peap] processing EAP-TLS
Mon Apr 12 08:08:25 2010 : Info: [peap] eaptls_verify returned 7
Mon Apr 12 08:08:25 2010 : Info: [peap] Done initial handshake
Mon Apr 12 08:08:25 2010 : Info: [peap] eaptls_process returned 7
Mon Apr 12 08:08:25 2010 : Info: [peap] EAPTLS_OK
Mon Apr 12 08:08:25 2010 : Info: [peap] Session established.  Decoding tunneled attributes.
Mon Apr 12 08:08:25 2010 : Info: [peap] Identity - claude.tompers at education.lu
Mon Apr 12 08:08:25 2010 : Info: [peap] Got tunneled request
        EAP-Message = 0x0205002001636c617564652e746f6d7065727340656475636174696f6e2e6c75
server VPN {
Mon Apr 12 08:08:25 2010 : Debug:   PEAP: Got tunneled identity of claude.tompers at education.lu
Mon Apr 12 08:08:25 2010 : Debug:   PEAP: Setting default EAP type for tunneled EAP session.
Mon Apr 12 08:08:25 2010 : Debug:   PEAP: Setting User-Name to claude.tompers at education.lu
Sending tunneled request
        EAP-Message = 0x0205002001636c617564652e746f6d7065727340656475636174696f6e2e6c75
        FreeRADIUS-Proxied-To = 127.0.0.1
        User-Name = "claude.tompers at education.lu"
        NAS-Port-Type = Virtual
        NAS-Identifier = "strongSwan"
        RESTENA-Service-Type = "VPN"

- without id privacy:

Mon Apr 12 08:07:38 2010 : Info: +- entering group authenticate {...}
Mon Apr 12 08:07:38 2010 : Info: [eap] Request found, released from the list
Mon Apr 12 08:07:38 2010 : Info: [eap] EAP/peap
Mon Apr 12 08:07:38 2010 : Info: [eap] processing type peap
Mon Apr 12 08:07:38 2010 : Info: [peap] processing EAP-TLS
Mon Apr 12 08:07:38 2010 : Info: [peap] eaptls_verify returned 7
Mon Apr 12 08:07:38 2010 : Info: [peap] Done initial handshake
Mon Apr 12 08:07:38 2010 : Info: [peap] eaptls_process returned 7
Mon Apr 12 08:07:38 2010 : Info: [peap] EAPTLS_OK
Mon Apr 12 08:07:38 2010 : Info: [peap] Session established.  Decoding tunneled attributes.
Mon Apr 12 08:07:38 2010 : Info: [peap] Tunneled data is invalid.
Mon Apr 12 08:07:38 2010 : Info: [eap] Handler failed in EAP/peap
Mon Apr 12 08:07:38 2010 : Info: [eap] Failed in EAP select
Mon Apr 12 08:07:38 2010 : Info: ++[eap] returns invalid
Mon Apr 12 08:07:38 2010 : Info: Failed to authenticate the user.
Mon Apr 12 08:07:38 2010 : Auth: Login incorrect: [\001\n\030\000\000\004\003\235A\2112\236\240\242\220/<via Auth-Type = EAP>] (from client vpn6-test-v4 port 0)

Stefan

-- 
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473
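
Added example (not part of the original post, and not FreeRADIUS code): decoding the tunneled EAP-Message hex from the "with id privacy" log above shows which inner packet the server received. The name parse_eap and the type table are this example's own assumptions; the checks follow the RFC 3748 header layout and are not FreeRADIUS's validation logic.

```python
import struct

# EAP codes and a few method types (RFC 3748 and the IANA EAP registry).
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge",
             13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP", 26: "EAP-MSCHAPv2"}

# EAP-Message value copied from the "with id privacy" log in the post.
SAMPLE = "0x0205002001636c617564652e746f6d7065727340656475636174696f6e2e6c75"


def parse_eap(hexdump):
    """Decode one EAP packet given in the 0x... form the debug log prints."""
    text = hexdump.strip()
    if text.lower().startswith("0x"):
        text = text[2:]
    raw = bytes.fromhex(text)

    # Header: Code (1 byte), Identifier (1 byte), Length (2 bytes, big endian).
    if len(raw) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if code not in EAP_CODES:
        raise ValueError("unknown EAP code %d" % code)
    # Length covers the whole packet; it must not exceed the bytes received.
    if length < 4 or length > len(raw):
        raise ValueError("length %d does not fit %d bytes" % (length, len(raw)))

    pkt = {"code": EAP_CODES[code], "id": ident, "length": length}
    if code in (1, 2):  # Request/Response carry a Type byte and type data
        if length < 5:
            raise ValueError("Request/Response without a Type byte")
        eap_type = raw[4]
        data = raw[5:length]  # bytes past Length are padding and ignored
        pkt["type"] = EAP_TYPES.get(eap_type, "type %d" % eap_type)
        # Identity data is text; other methods are shown as hex.
        pkt["data"] = data.decode("utf-8", "replace") if eap_type == 1 else data.hex()
    return pkt


if __name__ == "__main__":
    print(parse_eap(SAMPLE))
```
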
