EAP-MSCHAPv2 and MPPE key
stefan.winter at restena.lu
Mon Jun 7 08:44:25 CEST 2010
we're trying to get IKEv2 under Windows 7 going. It can use among others
"EAP-MSCHAPv2"; notably with EAP wrapper but without TLS.
While auth succeeds, FreeRADIUS doesn't send MPPE keys back, and Win 7
then rejects the session.
I noticed that rlm_mschap can be configured to calculate and send MPPE
keys, while rlm_eap/types/mschapv2 does not; the two modules seem to be
Is that something that can easily be added?
BTW, a check back with a developer "Martin" from strongswan.org yielded:
"Then I'd assume you are using FreeRADIUS :-).
It does not include the MSK in MSCHAPv2 if used over EAP. IKEv2 however
requires the MSK to calculate the AUTH payload.
In its current form, you can't use FreeRADIUS for your setup, my
apologies. One could extend FreeRADIUS to copy over the MPPE keys, but
writing such a patch is not something I can do in a few minutes."
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
6, rue Richard Coudenhove-Kalergi
Tel: +352 424409 1
Fax: +352 422473
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 262 bytes
Desc: OpenPGP digital signature
More information about the Freeradius-Users