I'm implementing a Juniper Secure Connect configuration.
I've got it to work with RADIUS authentication, but for some reason the phase 1 authentication is always done with PAP - which is unacceptably insecure.
I've set the password-protocol mschap-v2
flag under [system radius-options]
and indeed the phase 2 authentication is being done with EAP-MSCHAP v2, but phase 1 remains PAP.
I haven't found any documentation on how I can also make phase 1 use MSCHAPv2.
Any suggestions?
------------------------------
Lars Kristensson
------------------------------