eap-mschapv2 and MPPE keys

Alan DeKok aland at deployingradius.com
Thu Sep 29 20:24:06 CEST 2016

On Sep 29, 2016, at 2:09 PM, Adam Schumacher <adam.schumacher at flightaware.com> wrote:
> I am trying to get an ike2 ipsec vpn to work on pfsense 2.3.2 (with strongswan 5.5) doing EAP-RADIUS to a FreeRadius server (2.2.9) that comes with Apple server (OS X 10.11).  All of the pieces are connected and communicating properly.  The pfsense is sending the eap-mschapv2 requests to freeradius and freeradius is sending back an Access-Accept.  However, the IKE_AUTH fails because there is no MSK.  Looking at the output of radiusd –X, I see that it is not sending back MS-MPPE-Send-Key/MS-MPPE-Recv-Key, even though use_mppe = yes in the mschap module config.  I’ve tried toggling require_encryption as well with no noticeable difference.  Does anyone have any ideas on how to get FreeRadius to send back the MPPE keys?

  Use 3.0.12.

  We're not going to debug issues in unsupported versions of the server.

  Alan DeKok.

More information about the Freeradius-Users mailing list