I have IKEv2 VPN working fine with Windows 10 IKEv2 client when using only RADIUS and no Duo. My NPS server is set to use only MSCHAPv2 and not EAP-MSCHAPv2, so I don’t think that lack of EAP-MSCHAPv2 support is the issue, i.e., IKEv2 VPN connects without it in my NPS server settings.
When I throw Duo into the mix, I try to log into the IKEv2 VPN, I get the prompt on my phone and allow it, and the VPN rapidly says “Cannot connect to…” my IKEv2 VPN name. In FSM traffic monitor (with Authentication set to Debug level), I get a line stating:
2020-03-04 21:50:12 iked msg=ike2_StoreMSCHAPv2Result: Received authentication result does not have the expected content Debug
What does “Received authentication result does not have the expected content” mean? I have no idea and Google searches come up with nothing helpful.
Can Duo work with an IKEv2 VPN that works fine using only MCHAPv2 for a plain-RADIUS connection?