Dear all, I would like to connect to strongSwan with Windows 7 using IKEV2 and Machine Certificate. I followed the instructions in the strongSwan Wiki but couldnt get it to work. When tryining to connect i receive an error 13806 telling me that Windows is not able to find a valid machine certificate.
What i did so far: Imported my Root Certificate to the Computer Trusted Root Authorities. Create a certificate for my Windows 7 machine with KeyUsage digitalSignature and KeyEncipherment, ExtendedKeyUsage clientAuth, serverAuth SubjectAlternateName set to the DNS:win7client.vpntest.local Exported the cert+private key as pkcs12 and imported to the Computers - Personal Cerificate Store. Windows 7 tells me that the certificate is valid and trusted by my Root Certificate Create a certificate for my strongSWan Host with KeyUsage digitalSignature and KeyEncipherment, extendedKeyusage clientAuth, serverAuth SubjetAlterName set to the DNS:strongswan.vpntest.local Set this certificate as leftcert in ipsec.conf Configured ist private Key in ipsec.secrets. DNS name resolution is working of course ;-) I also tried with certificates including IKEIntermediate in extendedKeyUsage. When starting strongSwan with --debug-all i see IKE sending cert request immediatly followed by error 13806 on the Windows Box. I hope anybody can help me out or lead me in the right direction. Thank you in advance, Stefan _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
