> The error message
>
> : 15[IKE] received AUTHENTICATION_FAILED notify error
>
> means that the authentication failed on the remote side.
> Please check the logs of the peer.
>
> Andreas
Andreas,
I've sorted a few things on this end. It appears that TinyCA was putting the
email address as the altName by default so there was no match. Anyway, that
issue has been fixed.
I received an error on connect this time saying that it couldn't validate each
other's cert, so I copied the left cert to the right machine, and vice versa, and
tweaked the .conf file to look like this:
conn fre-lin
    left=x.x.x.x
    leftcert=left-cert.pem
    leftid=@left
    leftsubnet=leftlocal/21
    leftfirewall=yes
    right=y.y.y.y
    rightcert=right-cert.pem
    rightid=@right
    rightsubnet=rightlocal/21
    auto=add
Is this the correct way to handle the problem of finding the correct cert for
the right (by explicitly adding it to the connection)?
I can ping both sides of the tunnel now (that is the local VPN internal IP) so
I guess it's working.
Gary Smith
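
Added example, not part of the original message: a pre-deployment check for the mismatch described above. strongSwan treats an ID written as @left as an FQDN, which a certificate can only back with a DNS-type subjectAltName, so a certificate carrying only an email subjectAltName will not match. The helper names, the example.org address and the throwaway certificates are constructed for illustration; OpenSSL 1.1.1 or later is assumed.

```shell
#!/bin/sh
# Constructed throwaway self-signed cert carrying a single subjectAltName.
make_cert() {  # usage: make_cert OUTFILE SAN
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo" \
        -addext "subjectAltName=$2" -keyout /dev/null -out "$1" 2>/dev/null
}

# Print one subjectAltName entry per line, e.g. "DNS:left".
san_entries() {  # usage: san_entries CERT
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
        sed 1d | tr ',' '\n' | sed 's/^ *//; s/ *$//'
}

# Succeed if ID (as written in leftid=/rightid=) is present in CERT as a
# subjectAltName of the matching type. Returns 2 for ID types not handled here.
id_matches_cert() {  # usage: id_matches_cert CERT ID
    case "$2" in
        @*)  want="DNS:${2#@}" ;;   # @name     -> FQDN identity
        *@*) want="email:$2" ;;     # user@host -> RFC 822 identity
        *)   return 2 ;;
    esac
    san_entries "$1" | grep -Fxq "$want"
}

# Demo: the email-only certificate versus one reissued with a DNS entry.
tmp=$(mktemp -d)
make_cert "$tmp/email-san.pem" "email:left@example.org"
make_cert "$tmp/dns-san.pem" "DNS:left"
for c in email-san dns-san; do
    if id_matches_cert "$tmp/$c.pem" "@left"; then r="match"; else r="NO match"; fi
    echo "$c.pem against leftid=@left: $r"
done
rm -rf "$tmp"
```

Running id_matches_cert against the real left-cert.pem and right-cert.pem on both gateways before loading the connection shows which side would reject the other's identity.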