On Wed, 25 Apr 2018, [email protected] wrote:
Hello! It looks like there are some problems with StronSwan connectivity. (I've tried both on Android and Linux) Or I'm doing something wrong. I've set up everything as per instructions, I am able to connect from Windows 10 native client, but connecting from StrongSwan fails with logs like:
"roadwarriors"[1] 188.233.186.70 #1: certificate verified OK: C=RU,ST=Volgograd oblast,L=Volgograd,O=eQueo IPSec,OU=IT Dept.,CN=j.doe "roadwarriors"[1] 188.233.186.70 #1: No matching subjectAltName found "roadwarriors"[1] 188.233.186.70 #1: certificate does not contain ID_IP subjectAltName=188.233.186.70
It looks like you configured strongswan to use an ID kind of IP, but are missing the SubjectAltName for that IP inside the certificate. You should be using the CN= or one of the DNS based SubjectAltName entries of your certificate as the configured ID on strongswan. Paul _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
