Translate authentication requests

Alan DeKok aland at
Fri Sep 23 19:58:54 CEST 2016

On Sep 23, 2016, at 12:27 PM, Laurens Vets <laurens at> wrote:
> I've got FreeRADIUS working with both OpenVPN (Android app + Windows) and StrongSwan (Android app). Authentication method used is eap-gtc with SSHA2 passwords. This all works.
> I'm now trying to integrate macOS and iOS clients as well, but I'm having a bit of a problem here. When either client sets up a connection to StrongSwan, FreeRADIUS receives an MSCHAPv2 request, which obviously doesn't work with SSHA2 passwords.
> Is there a way to either translate or proxy this MSCHAPv2 request into for instance an EAP-GTC request

  It's impossible.

> or is there a way to force the client to not use MSCHAPv2?

  Update the client configuration.  There is nothing you can do to FreeRADIUS which will change the client.

  Alan DeKok.

More information about the Freeradius-Users mailing list