As part of a security upgrade, we are in the process of removing support for IPSec with EAP-MSCHAPv2 authentication.
The following Strogswan configuration is known to work:
- Create a config file in your strongswan ipsec.d directory e.g. ivpn.conf with the following
Change the right= and rightid= as appropriate for the server you want to connect to.
conn ivpn keyexchange=ikev2 right=gb.gw.ivpn.net rightid=gb.gw.ivpn.net rightsubnet=0.0.0.0/0 rightauth=pubkey leftsourceip=%config leftauth=eap-mschapv2 eap_identity=ivpnUserName auto=start dpdaction=restart
- Create a .secrets file e.g. ivpn.secrets in the strongswan ipsec.d directory e.g. ivpn.secrets with the following
Note that there is a space either side of the colon :.
ivpnUserName : EAP "ivpn"
- You may need to download this CA certificate and store it in a file located in your strongswan ipsec.d/cacerts directory.
- Tell strongswan to restart or reload it's config.
Was this answer helpful?