On Sep 23, 2016, at 12:27 PM, Laurens Vets <laurens@daemon.be> wrote:
I've got FreeRADIUS working with both OpenVPN (Android app + Windows) and StrongSwan (Android app). Authentication method used is eap-gtc with SSHA2 passwords. This all works.
I'm now trying to integrate macOS and iOS clients as well, but I'm having a bit of a problem here. When either client sets up a connection to StrongSwan, FreeRADIUS receives an MSCHAPv2 request, which obviously doesn't work with SSHA2 passwords.
Is there a way to either translate or proxy this MSCHAPv2 request into for instance an EAP-GTC request
It's impossible. http://deployingradius.com/documents/protocols/compatibility.html
or is there a way to force the client to not use MSCHAPv2?
Update the client configuration. There is nothing you can do to FreeRADIUS which will change the client. Alan DeKok.