Hello,

I am getting a constraint check failed error while using the StrongSwan Android VPN Client with valid certificates that have been working with StrongSwan on desktops:

[CFG] constraint check failed: identity '192.168.24.2' required

Can you help me with debugging this error? These are self-signed certificates that have been validated with OpenSSL.

Thank you,

I/charon ( 5507): 01[IKE] initiating IKE_SA android[4] to 192.168.24.2
I/charon ( 5507): 01[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
I/charon ( 5507): 01[NET] sending packet: from 192.168.24.17[57072] to 192.168.24.2[500]
I/charon ( 5507): 11[NET] received packet: from 192.168.24.2[500] to 192.168.24.17[57072]
I/charon ( 5507): 11[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
I/charon ( 5507): 11[IKE] faking NAT situation to enforce UDP encapsulation
I/charon ( 5507): 11[IKE] received cert request for "C=US, ST=VA, L=RESTON, O=Metronome Software LLC, OU=Metronome, CN=metronome-software.com, [email protected]"
I/charon ( 5507): 11[IKE] sending cert request for "C=US, ST=VA, L=RESTON, O=Metronome Software LLC, CN=metronome-software.com"
I/charon ( 5507): 11[IKE] sending cert request for "C=US, ST=VA, L=RESTON, O=Metronome Software LLC, OU=Metronome, CN=metronome-software.com, [email protected]"
I/charon ( 5507): 11[IKE] authentication of 'C=US, ST=VA, L=RESTON, O=Metronome Software LLC, OU=Metronome, CN=192.168.24.17, [email protected]' (myself) with RSA signature successful
I/charon ( 5507): 11[IKE] sending end entity cert "C=US, ST=VA, L=RESTON, O=Metronome Software LLC, OU=Metronome, CN=192.168.24.17, [email protected]"
I/charon ( 5507): 11[IKE] establishing CHILD_SA android
I/keystore( 131): uid: 10049 action: n -> 1 state: 1 -> 1 retry: 4
I/charon ( 5507): 11[ENC] generating IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ AUTH CP(ADDR DNS) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
I/charon ( 5507): 11[NET] sending packet: from 192.168.24.17[60821] to 192.168.24.2[4500]
I/charon ( 5507): 16[NET] received packet: from 192.168.24.2[4500] to 192.168.24.17[60821]
I/charon ( 5507): 16[ENC] parsed IKE_AUTH response 1 [ IDr CERT AUTH CP(ADDR) SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(NO_ADD_ADDR) ]
I/charon ( 5507): 16[IKE] received end entity cert "C=US, ST=VA, L=RESTON, O=Metronome Software LLC, OU=Metronome, CN=192.168.24.2, [email protected]"
I/charon ( 5507): 16[CFG] using certificate "C=US, ST=VA, L=RESTON, O=Metronome Software LLC, OU=Metronome, CN=192.168.24.2, [email protected]"
I/charon ( 5507): 16[CFG] using trusted ca certificate "C=US, ST=VA, L=RESTON, O=Metronome Software LLC, OU=Metronome, CN=metronome-software.com, [email protected]"
I/charon ( 5507): 16[CFG] reached self-signed root ca with a path length of 0
I/charon ( 5507): 16[IKE] authentication of 'C=US, ST=VA, L=RESTON, O=Metronome Software LLC, OU=Metronome, CN=192.168.24.2, [email protected]' with RSA signature successful
I/charon ( 5507): 16[CFG] constraint check failed: identity '192.168.24.2' required
