1
23.1 Legacy Series / VPN > IPSec: Strongswan 5.9.10+ prevents EAP-TLS authentication
« on: March 22, 2023, 03:43:27 pm »
A regression in the eap-tls plugin of Strongswan 5.9.10+ prevents EAP-TLS authentication. The log shows:
Details: https://github.com/strongswan/strongswan/discussions/1613
Remedy: Downgrade to Strongswan 5.9.9_1 via
But keep in mind that this version is affected by vulnerability CVE-2023-26463.
Code: [Select]
11[IKE] <con1|2> verification of AUTH payload with EAP MSK failed
Details: https://github.com/strongswan/strongswan/discussions/1613
Remedy: Downgrade to Strongswan 5.9.9_1 via
Code: [Select]
opnsense-revert -r 23.1.1 strongswan
But keep in mind that this version is affected by vulnerability CVE-2023-26463.