Yeah, right. I already changed the ipsec.conf to: leftsendcert=always
strongSwan generates now the IKE AUTH response IKE AUTH [Idr AUTH CERT EAP]. Now it's a step further but Win 7 still complains with the following message: "Error 13801: IKE authentication credentials are unacceptable" In Win 7 I installed CA certificate used by the strongSwan server as a trusted root certificate. I also made an entry to the Win 7 - host file mapping cert details to the IP address of the strongSwan server. 192.168.10.90 ikeclient Hmm... Thanks for your assistance and great help! Mit freundlichem Gruß / Best regards Sven Kerschbaum Siemens AG Industry Sector Industry Automation Division, I IA&DT ATS 12 mailto:[email protected] http://www.siemens.com/automation Siemens Aktiengesellschaft: Chairman of the Supervisory Board: Gerhard Cromme Managing Board: Peter Loescher, Chairman, President and Chief Executive Officer; Wolfgang Dehen, Heinrich Hiesinger, Joe Kaeser, Barbara Kux, Hermann Requardt, Siegfried Russwurm, Peter Y. Solmssen Registered offices: Berlin and Munich; Commercial registries: Berlin Charlottenburg, HRB 12300, Munich, HRB 6684 WEEE-Reg.-No. DE 23691322 -----Ursprüngliche Nachricht----- Von: Martin Willi [mailto:[email protected]] Gesendet: Freitag, 7. Mai 2010 13:44 An: Kerschbaum, Sven Cc: [email protected] Betreff: Re: AW: [strongSwan] strongSwan + Windows 7 + IKEv2 + MSCHAPv2 (Username and password) Hi again, > the response is just a little bit below: A yes, haven't seen the first authentication round in the log. > Why does strongSwan not reply with IKE AUTH [Idr AUTH CERT EAP REQ/ID] > leftsendcert=never Looks suspicious ;-). The example configuration uses rightsendcert=never, which actually says to not request a certificate from the client. leftsendcert=never will not include our own certificate, for example if a client already has the peer certificate of the gateway. But Windows 7 always expects a certificate payload to authenticate the gateway. Regards Martin _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
