EAP-MSCHapv2 with internal users?

  • Hi,

    I have setup an IPsec mobile client access to my pfsense (2.2.6).

    As authentication method in phase 1 I have choosen "EAP-MSChapv2" and on my android device I use strongswan to setup the VPN tunnel.

    I have stored a password in the "IPsec Preshared Key" field of the internal pfSense user record.

    But with this the connection has been canceled because of authentication problems. Accidentialy I created a new preshared key entry manually in the IPsec tab and there I can choose between PSK and EAP.

    And voila: with this username it works now.

    Is it a bug or don't I understand how it works? In all how-to's and documentations I have read, I didn't find any hint to this..

    Best regards,


  • Rebel Alliance Developer Netgate

    For local clients and EAP-MSCHAPv2, they go on the PSK tab, with entries set for EAP, as described in the documentation:


Log in to reply