strongswan / strongMan

Management UI for strongSwan
https://www.strongswan.org/

Server IKEv2 EAP with Windows client request Login/Password on connect every time #155

Open Spider84 opened 1 week ago

Spider84 commented 1 week ago
Method: IKEv2 EAP (Username/Password)
Name: vpn.***.ru
IKE Version: 2
Server Address: %any
Remote Address: %any
Pool Name: primary-pool-ipv4
Pool Addresses: 192.168.200.2-192.168.200.254
Pool Attribute: dns
Pool Attribute values: 8.8.8.8,1.1.1.1
Send Certificate Request: True
Start Action: start
Remote Authentication: eap-mschapv2
Server Certificate: C=, L=, ST=, O=, OU=, CN=vpn.***.ru
Identity: vpn.***.ru
Identity Type: subjectAltName
CA/Peer Certificate: -
CA Identity: -
Local traffic selector: 0.0.0.0/0
Remote traffic selector: -

When a Windows client tries to connect, Windows requests the login and password every time, even if the "Save authentication" check box is checked. The reason is the absent eap_id field in the remote section:

remote {
        auth = eap-mschapv2
        eap_id=%any
}
diff --git a/strongMan/apps/server_connections/models/authentication.py b/strongMan/apps/server_connections/models/authentication.py
index df982c9..5bad624 100644
--- a/strongMan/apps/server_connections/models/authentication.py
+++ b/strongMan/apps/server_connections/models/authentication.py
@@ -61,6 +61,7 @@ class CaCertificateAuthentication(Authentication):
     def dict(self):
         auth = super(CaCertificateAuthentication, self).dict()
         parameters = auth[self.name]
+        parameters['eap_id'] = "%any"
         if self.ca_cert is not None:
             if self.ca_cert.is_CA:
                 parameters['cacerts'] = [self.ca_cert.der_container]
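
Review bot: The `parameters['eap_id'] = "%any"` assignment in `CaCertificateAuthentication.dict()` is unconditional, so every remote section generated through this class gets an `eap_id`, not only those whose auth method is EAP, such as the `eap-mschapv2` case from the report. Set it only when the configured remote authentication is an EAP method, and consider taking the value from a model field instead of hard-coding `%any`, so the EAP identity the server will accept stays an explicit configuration choice. A short comment stating why the key is needed (Windows clients prompting for credentials on every connect) would also help whoever reads this method later.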

I know this is a crutch, but it works.

tobiasbrunner commented 1 week ago

Yeah, see my old comment here: https://github.com/strongswan/strongMan/issues/147#issuecomment-1791126313