Hi Quinn,

>> Certificates used by different hosts seem to use the same subject DN.
>> Are these actually the same certificates/keys?
>
> Yes. I am using the same end-entity certificate/key on all of my test
> systems (Red Hat and Windows).

Are you absolutely sure that all certificates with the same subject DN are actually based on the same public/private key pair? Refer to [1] for a similar issue where that was not the case (although it was IKEv2 and the authentication succeeded there after failed attempts). Anyway, doing this is definitely not recommended.

> In case it makes a difference, I did test opening a tunnel from Linux
> to Windows, and that is now working properly (with the fix to the
> Windows configuration).

Interesting. What does the output of `ipsec listcerts` look like after each of these runs?

Regards,
Tobias

[1] https://wiki.strongswan.org/issues/733#note-12
