ikev2 windows inbuilt EAP-RADIUS vpn is not working.
-
Hello all,
I have a ikev2 EAP-RADIUS vpn configured for the mobile clients. it works fine with few windows host but didn't work on other host. It gives the error "ike authentication credentials are unacceptable"(error code 13801).I double checked to make sure none of the below is the reason.
The certificate is expired.
The trusted root for the certificate is not present on the client.
The subject name of the certificate does not match the remote computer.
The certificate does not have the required Enhanced Key Usage (EKU) values assigned.
from the pfsense logs entry I can see that pfsense firewall sending traffic to the client but not going any further and after timeout deletes the half open IKE_SA with pfsense firewall. Any help ? -
@nikhilsalunke Is it possibly linked to this?
https://forum.netgate.com/topic/89558/ipsec-pmtu/17?_=1634945881916
EAP / RADIUS can cause UDP packets that need to be fragmented and relies on PMTUD working.