opnsense / core

OPNsense GUI, API and systems backend
https://opnsense.org/
BSD 2-Clause "Simplified" License

IPsec Must Be Disabled/Reenabled after Switching Phase 1 to EAP-RADIUS #4615

Closed c0nsumer closed 3 years ago

c0nsumer commented 3 years ago

Describe the bug

I was testing out EAP-MSCHAPV2 versus EAP-RADIUS for Phase 1 authentication in an IPsec mobile user VPN. After switching to EAP-RADIUS and defining a RADIUS server, IPsec logged: charon[56124] | 12[IKE] <con1|41> loading EAP_RADIUS method failed

Manually restarting IPsec (VPN → IPsec → Tunnel Settings, Uncheck Enable IPsec, Save, Check Enable IPsec, Save) got things working.

To Reproduce

Steps to reproduce the behavior:

  1. Create an EAP-MSCHAPV2 Phase 1 auth. Get this all working.
  2. Set up RADIUS. Switch Phase 1 to EAP-RADIUS.
  3. Attempt to connect to IPsec.
  4. Observe error in log and authentication failure.
  5. Restart IPsec.
  6. Authentication will succeed.

Expected behavior

If restarting IPsec is required to get EAP-RADIUS working, I would expect that the UI would prompt to do so.

Environment

Software version used and hardware type if relevant, e.g.:

OPNsense 20.7.7_1-amd64 FreeBSD 12.1-RELEASE-p11-HBSD OpenSSL 1.1.1i 8 Dec 2020

OPNsense-bot commented 3 years ago

This issue has been automatically timed-out (after 180 days of inactivity).

For more information about the policies for this repository, please read https://github.com/opnsense/core/blob/master/CONTRIBUTING.md for further details.

If someone wants to step up and work on this issue, just let us know, so we can reopen the issue and assign an owner to it.

raveBee commented 1 year ago

Hello, for me this issue still persists in OPNsense version 22.7.7_1-amd64.