On 2024/01/29 09:43, YASUOKA Masahiko wrote:
> Let me update the diff.  Now I think it works with EAP methods other
> than MSCHAP-V2.
> 
> - feedbacks from markus
>   - support MSK which legnth != 16
>   - give "iked_" for the functions in radiusd
> - pass EAP messages which type isn't support eap.c

I can only test user/password auth via RADIUS at the moment, I don't
have anything setup for EAP_TLS etc.

Connecting from Android StrongSWAN configured for user/password
authentication, using FreeRADIUS (with the standard "users" file backend
to authenticate) is working OK for me.

(At first I had problems, but then I noticed I had "default_eap_type =
md5" in mods-enabled/inner-eap from something which I was testing a long
time ago and had forgotten about - that failed because it doesn't return
the MS-MPPE-Send-Key and ...-Recv-Key attributes - I don't think other
people are very likely to run into this :-)