Hello, I followed this manual to set up IKEv2 VPN on Ubuntu 16.04: https://raymii.org/s/tutorials/IPSEC_vpn_with_Ubuntu_16.04.html
I successfully established a tunnel on an Android device with the strongSwan app, and data can be transferred through the VPN server. Now I am stuck at the Windows part (my client is Windows 10).

When following this manual ... https://wiki.strongswan.org/projects/strongswan/wiki/Win7Certs ... something already looks different at this step:

"Double-clicking on the end entity certificate left in the Personal / Certificates folder shows that a corresponding private key is present in the registry:"

There is no remark about a matching private key in my case. Furthermore, there is no certificate trust path in the "Certification Path" tab. There is simply "strongSwan Root CA".

When I try to establish the tunnel on Windows 10, I get this message:

"A certificate could not be found that can be used with this Extensible Authentication Protocol."

I signed the public key like this:

    ipsec pki --pub --in private/vpnHostKey.der --type rsa |
      ipsec pki --issue --lifetime 730 \
        --cacert cacerts/strongswanCert.der --cakey private/strongswanKey.der \
        --dn "C=DE, O=Massivhaus, CN=<hostname>.com" --san <hostname>.com \
        --flag serverAuth --flag ikeIntermediate \
        --outform der > certs/vpnHostCert.der

I created the client certificate on the VPN server with this command:

    ipsec pki --pub --in private/JohnKey.der --type rsa |
      ipsec pki --issue --lifetime 730 \
        --cacert cacerts/strongswanCert.der --cakey private/strongswanKey.der \
        --dn "C=DE, O=Massivhaus, CN=john@<hostname>.com" --san "john@<hostname>.com" \
        --outform der > certs/JohnCert.der

<hostname> is a placeholder for the real domain name, which I used.

My mind is starting to go in circles; I have no idea what I did wrong. I know Windows needs "--flag serverAuth", but it is there (checked with "ipsec pki --print --in certs/vpnHostCert.der")!

Any help would be appreciated.
