EAP-MSCHapv2 with internal users?
I have setup an IPsec mobile client access to my pfsense (2.2.6).
As authentication method in phase 1 I have choosen "EAP-MSChapv2" and on my android device I use strongswan to setup the VPN tunnel.
I have stored a password in the "IPsec Preshared Key" field of the internal pfSense user record.
But with this the connection has been canceled because of authentication problems. Accidentialy I created a new preshared key entry manually in the IPsec tab and there I can choose between PSK and EAP.
And voila: with this username it works now.
Is it a bug or don't I understand how it works? In all how-to's and documentations I have read, I didn't find any hint to this..
For local clients and EAP-MSCHAPv2, they go on the PSK tab, with entries set for EAP, as described in the documentation: