Hi Eddie,
Yes, I have managed to get past the PAP/CHAP error; however, as I'd forgotten about this article, my notes on the matter are not strong.
This may be related to Certificate-Based Secure Connect only though. That appears to require an external source of authentication, such as a RADIUS or LDAP server. From packet captures and process flows I have observed that there are two stages to the connection/authentication process. The first is authentication to download the configuration file from the SRX. This is typically done via certificate validation or PSK. The second is user authentication, which was traditionally done using the same local user/profile but is now disaggregated into external authentication or firewall authentication.
Below is a current working snippet of the authentication configuration....
> show configuration access
profile SECURE_CONNECT_ACC-PRO {
    authentication-order [ radius password ];
    client test {
        firewall-user {
            password "$9$"; ## SECRET-DATA
        }
    }
    client test2 {
        firewall-user {
            password "$9$"; ## SECRET-DATA
        }
    }
    address-assignment {
        pool SECURE_CONNECT_ADDR-POOL;
    }
    radius-server {
        x.x.x.x {
            secret "$9$"; ## SECRET-DATA
            source-address x.x.x.y;
        }
    }
}
For more information, see my git repo for a full Secure Connect VPN Configuration...
https://github.com/thewhitehouse007/junos-config-templates/blob/main/remote_vpn.j2
If you search the access profile name "SECURE_CONNECT_ACC-PRO" in the repo, you will see the association of the access profile to the ike gateway and remote-access profile.
------------------------------
GAVIN WHITE
------------------------------
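The association mentioned in the reply above, sketched in set format as an added example (not taken from the post or from the linked repo). Only the access profile name SECURE_CONNECT_ACC-PRO comes from the thread; the gateway, IPsec VPN and remote-access profile names are hypothetical placeholders.

```junos
# Added example. SC-IKE-GW, SC-IPSEC-VPN and ra.example.com are hypothetical names.

# Second stage (user authentication): the IKE gateway hands user credentials
# to the access profile, which tries RADIUS first and then local passwords.
set security ike gateway SC-IKE-GW aaa access-profile SECURE_CONNECT_ACC-PRO

# The remote-access profile the Secure Connect client connects to references
# the same access profile and the IPsec VPN built on that gateway.
set security remote-access profile ra.example.com access-profile SECURE_CONNECT_ACC-PRO
set security remote-access profile ra.example.com ipsec-vpn SC-IPSEC-VPN
```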
Original Message:
Sent: 06-09-2025 14:35
From: EDDIE RULE
Subject: Juniper Security Connect gives an error: PAP/CHAP Error
Hey Gavin,
I am having the same error. Did you figure this out yet?
Best,
Eddie.
------------------------------
EDDIE RULE
Original Message:
Sent: 04-14-2025 23:36
From: GAVIN WHITE
Subject: Juniper Security Connect gives an error: PAP/CHAP Error
Hi Denis,
Did you end up finding a resolution to this problem? I'm seeing the same error and have not found a resolution as yet.
I am continuing to research this and can replicate the problem on multiple platforms using certificate-based Secure Connect configurations.
I would be interested if you found a solution.
Regards,
------------------------------
GAVIN WHITE
Original Message:
Sent: 01-30-2024 02:06
From: Denis Rasskazov
Subject: Juniper Security Connect gives an error: PAP/CHAP Error
I use IPsec in my configuration.
I have published a VPN account in the section:
set access profile JSC-VPN-Access client VPN-ACCOUNT firewall-user password "HASH"
How can I link (bind) an account to an IPsec tunnel?
------------------------------
Denis Rasskazov
Original Message:
Sent: 01-29-2024 14:31
From: PRASHANTH NAIK
Subject: Juniper Security Connect gives an error: PAP/CHAP Error
Hi Denis,
Which VPN did you configure, IPsec or remote? For an IPsec tunnel you do not need to give a user ID. For remote, yes. Please configure the user account and then bind the user to that tunnel.
Regards
Prashant
Posted to the "SRX Next-Gen Firewalls" community
Original Message:
Sent: 1/29/2024 10:46:00 AM
From: Denis Rasskazov
Subject: Juniper Security Connect gives an error: PAP/CHAP Error
SRX300 is running in a cluster:
Junos: 21.4R3-S3.4
JUNOS Software Release [21.4R3-S3.4].
Configured a VPN connection using the official source:
https://www.youtube.com/watch?v=j5p1jQTfILM
When I try to connect, I get an error:
PAP/CHAP error
Wrong User ID or password (VPN)
In the client program log:
ERROR - 2110: XAUTH wrong Userid or Password
Which sections of the configuration should I output?
I checked every line. I carefully entered the username and password.
Thank you for your time.
------------------------------
Denis Rasskazov
------------------------------