Dear all,

I would like to connect to strongSwan with Windows 7 using IKEv2 and Machine Certificate. I followed the instructions in the strongSwan Wiki but couldn't get it to work. When trying to connect I receive an error 13806 telling me that Windows is not able to find a valid machine certificate.

What I did so far:

- Created Root certificate, strongSwan certificate/private key, and Windows 7 certificate/private key using OpenSSL.
- Imported the Windows 7 certificate and root certificate to personal store and Computer Trusted Root Authorities (Local computer) respectively. Windows 7 indicates the certificate is valid and can be traced to the installed root certificate.
- strongSwan certificates:

    Subject: C=US, ST=CA, O=mycompany, CN=192.168.5.63
    X509v3 extensions:
        X509v3 Key Usage:
            Digital Signature, Key Encipherment
        X509v3 Extended Key Usage:
            1.3.6.1.5.5.8.2.2, TLS Web Server Authentication, TLS Web Client Authentication
        X509v3 Basic Constraints:
            CA:FALSE
        X509v3 CRL Distribution Points:
            URI:http://192.168.5.204/ca.crl

- Windows 7 certificate:

    Subject: C=US, ST=CA, O=mycompany, CN=win71
    X509v3 extensions:
        X509v3 Key Usage:
            Digital Signature, Key Encipherment
        X509v3 Extended Key Usage:
            1.3.6.1.5.5.8.2.2, TLS Web Server Authentication, TLS Web Client Authentication
        X509v3 Subject Alternative Name:
            DNS:rras1.mycompany.com
        X509v3 Basic Constraints:
            CA:FALSE
        X509v3 CRL Distribution Points:
            URI:http://192.168.5.204/ca.crl

strongSwan is running okay. "ipsec listcerts" indicates that the private key and the certificate are both loaded correctly.

strongSwan log:

    May 17 15:10:19 14[NET] received packet: from 192.168.5.204[52720] to 192.168.5.63[500]
    May 17 15:10:19 14[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
    May 17 15:10:19 14[IKE] 192.168.5.204 is initiating an IKE_SA
    May 17 15:10:19 14[IKE] remote host is behind NAT
    May 17 15:10:19 14[IKE] sending cert request for "C=US, ST=CA, L=LA, O=mycompany, CN=mycompanyCA"
    May 17 15:10:19 14[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
    May 17 15:10:19 14[NET] sending packet: from 192.168.5.63[500] to 192.168.5.204[52720]

Windows 7 is giving the Error 13806 message.

I even disabled the EKU checks according to http://wiki.strongswan.org/projects/strongswan/wiki/Win7CertReq and rebooted the Windows 7 machine, still the 13806 error message.

I would really appreciate some help.

Thank you and best regards,
Todd