IKEv2 MobileVPN with SmartCard

Hello!

We are using IKEv2 Mobile-VPN with authentication with username/password with Windows Clients. This works perfectly.

Now we are trying to switch to authentication via SmartCards. The local login on the clients is working as expected, but now we also want to switch VPN login from username/password to SmartCard - but this fails.

In the log of the Firebox I see these entries:

2024-09-08 11:27:45 iked (192.168.178.254<->46.114.X.Y)Received EAP identity: 'myusername@oudomain.de'

which looks promising - the Firebox gets the correct username, but then:

2024-09-08 11:27:45 iked (192.168.178.254<->46.114.X.Y)Invalid EAP type. Received:'EAP_NAK' Expecting:'EAP_IDENTITY'

2024-09-08 11:27:45 iked (192.168.178.254<->46.114.X.Y.)IKEv2 IKE_AUTH EAP exchange from 46.114.X.Y:24685 to 192.168.178.254:4500 failed. Gateway-Endpoint='WG IKEv2 MVPN'. Reason=Received invalid EAP information. msg_id="021A-001E"

Did anybody get this to work?

Thanks

Axel

Comments

  • james.carson Moderator, WatchGuard Representative

    NAK is a non-acknowledgment -- the firebox is expecting something else from the credential provider, which is not being provided.

    I'd suggest looking at the logs for the smart card software/driver to see what is being provided, and if any errors appear there.

    -James Carson
    WatchGuard Customer Support
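
An added example (not part of the original posts and not WatchGuard tooling): a small Python parser that joins the three iked lines quoted in the question into one record per failed EAP exchange, so the identity, the received and expected EAP types and the msg_id can be read together. The function and field names are hypothetical, and the line format is assumed from the three lines shown in the question.

```python
import re
from collections import defaultdict

# Log lines copied from the question above (peer address is redacted there as X.Y).
SAMPLE_LOG = """\
2024-09-08 11:27:45 iked (192.168.178.254<->46.114.X.Y)Received EAP identity: 'myusername@oudomain.de'
2024-09-08 11:27:45 iked (192.168.178.254<->46.114.X.Y)Invalid EAP type. Received:'EAP_NAK' Expecting:'EAP_IDENTITY'
2024-09-08 11:27:45 iked (192.168.178.254<->46.114.X.Y.)IKEv2 IKE_AUTH EAP exchange from 46.114.X.Y:24685 to 192.168.178.254:4500 failed. Gateway-Endpoint='WG IKEv2 MVPN'. Reason=Received invalid EAP information. msg_id="021A-001E"
"""

# Assumed layout: "<date> <time> iked (<local><-><peer>)<message>"
LINE = re.compile(r"^(?P<ts>\S+ \S+) iked \((?P<local>[^<]+)<->(?P<peer>[^)]+)\)(?P<msg>.*)$")
IDENTITY = re.compile(r"Received EAP identity: '([^']*)'")
BAD_TYPE = re.compile(r"Invalid EAP type\. Received:'([^']*)' Expecting:'([^']*)'")
FAILED = re.compile(r"EAP exchange from \S+ to \S+ failed\. Gateway-Endpoint='([^']*)'\. "
                    r'Reason=(.*?)\. msg_id="([^"]*)"')


def eap_failures(log_text):
    """Return one dict per failed IKE_AUTH EAP exchange, merged with the
    identity and EAP type mismatch logged earlier for the same peer."""
    pending = defaultdict(dict)  # peer -> fields seen so far for that peer
    failures = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an iked line in the assumed layout
        # The third sample line logs the peer with a trailing dot; normalise it.
        peer, msg = m["peer"].rstrip("."), m["msg"]
        if (hit := IDENTITY.search(msg)):
            pending[peer] = {"identity": hit[1]}  # new exchange starts here
        elif (hit := BAD_TYPE.search(msg)):
            pending[peer].update(received=hit[1], expected=hit[2])
        elif (hit := FAILED.search(msg)):
            event = {"time": m["ts"], "peer": peer, "gateway": hit[1],
                     "reason": hit[2], "msg_id": hit[3], **pending.pop(peer, {})}
            # Flag the NAK case discussed in the reply above.
            event["peer_sent_nak"] = event.get("received") == "EAP_NAK"
            failures.append(event)
    return failures


if __name__ == "__main__":
    for event in eap_failures(SAMPLE_LOG):
        print(event)
```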
