Did you read the certificate constraints defined in
http://wiki.strongswan.org/projects/strongswan/wiki/Win7cCertReq

- gateway name contained either in CN or subjectAltName.
- serverAuth Extended Key Usage flag

andreas

----- Original Message -----
> Yeah, right. I already changed the ipsec.conf to:
>
> leftsendcert=always
>
> strongSwan generates now the IKE AUTH response IKE AUTH [Idr AUTH CERT EAP].
>
> Now it's a step further but Win 7 still complains with the following message:
>
> "Error 13801: IKE authentication credentials are unacceptable"
>
> In Win 7 I installed CA certificate used by the strongSwan server as a trusted
> root certificate. I also made an entry to the Win 7 - host file mapping cert
> details to the IP address of the strongSwan server.
>
> 192.168.10.90 ikeclient
>
> Hmm... Thanks for your assistance and great help!
>
> Best regards
>
> Sven Kerschbaum
>
> Siemens AG
> Industry Sector Industry Automation Division, I IA&DT ATS 12
> mailto:[email protected]
> http://www.siemens.com/automation
>
> Siemens Aktiengesellschaft: Chairman of the Supervisory Board: Gerhard Cromme
> Managing Board: Peter Loescher, Chairman, President and Chief Executive
> Officer;
> Wolfgang Dehen, Heinrich Hiesinger, Joe Kaeser, Barbara Kux, Hermann Requardt,
> Siegfried Russwurm, Peter Y. Solmssen
> Registered offices: Berlin and Munich;
> Commercial registries: Berlin Charlottenburg, HRB 12300, Munich, HRB 6684
> WEEE-Reg.-No. DE 23691322
>
>
>
> -----Original Message-----
> From: Martin Willi [mailto:[email protected]]
> Sent: Friday, 7 May 2010 13:44
> To: Kerschbaum, Sven
> Cc: [email protected]
> Subject: Re: AW: [strongSwan] strongSwan + Windows 7 + IKEv2 + MSCHAPv2
> (Username and password)
>
> Hi again,
>
> > the response is just a little bit below:
>
> Ah yes, haven't seen the first authentication round in the log.
>
> > Why does strongSwan not reply with IKE AUTH [Idr AUTH CERT EAP REQ/ID]
>
> > leftsendcert=never
>
> Looks suspicious ;-). The example configuration uses
> rightsendcert=never, which actually says to not request a certificate
> from the client. leftsendcert=never will not include our own
> certificate, for example if a client already has the peer certificate of
> the gateway. But Windows 7 always expects a certificate payload to
> authenticate the gateway.
>
> Regards
> Martin
>
>
> _______________________________________________
> Users mailing list
> [email protected]
> https://lists.strongswan.org/mailman/listinfo/users
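
A check of the two certificate constraints named at the top of this thread, as an added example that is not part of the original messages or of strongSwan: it reads the text printed by `openssl x509 -noout -text` and reports which constraint a gateway certificate fails. The sample certificate text is constructed, reusing the `ikeclient` / `192.168.10.90` hosts entry from the thread; the function names are hypothetical, and case-insensitive name comparison is an assumption.

```python
import re

# Constructed sample (not from the thread): trimmed `openssl x509 -noout -text`
# output for a hypothetical gateway certificate.
SAMPLE_CERT_TEXT = """\
Certificate:
    Data:
        Subject: C=CH, O=Example, CN=vpn.example.org
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:ikeclient, IP Address:192.168.10.90
            X509v3 Extended Key Usage:
                TLS Web Server Authentication
"""


def _extension_value(text, name):
    """Return the value line printed under an 'X509v3 <name>:' header, or ''."""
    m = re.search(r"X509v3 " + re.escape(name) + r":[^\n]*\n\s*([^\n]+)", text)
    return m.group(1).strip() if m else ""


def subject_cn(text):
    """Extract the CN from the Subject line (handles 'CN=x' and 'CN = x')."""
    m = re.search(r"^\s*Subject:.*?\bCN\s*=\s*([^,/\n]+)", text, re.M)
    return m.group(1).strip() if m else None


def san_entries(text):
    """Return subjectAltName values with their 'DNS:' / 'IP Address:' tags removed."""
    raw = _extension_value(text, "Subject Alternative Name")
    return [e.split(":", 1)[1].strip() for e in raw.split(",") if ":" in e]


def check_win7_gateway_cert(text, gateway_name):
    """Return a list of problems; an empty list means both constraints hold."""
    problems = []
    names = {n.lower() for n in san_entries(text)}
    cn = subject_cn(text)
    if cn:
        names.add(cn.lower())
    if gateway_name.lower() not in names:
        problems.append("gateway name %r not in CN or subjectAltName" % gateway_name)
    if "TLS Web Server Authentication" not in _extension_value(text, "Extended Key Usage"):
        problems.append("serverAuth Extended Key Usage flag missing")
    return problems


if __name__ == "__main__":
    print(check_win7_gateway_cert(SAMPLE_CERT_TEXT, "ikeclient") or "certificate OK")
```

Pass as `gateway_name` the exact server name or address entered in the Windows 7 VPN connection, since that is the value the list at the top of the thread says must appear in CN or subjectAltName.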
