I think you are using right=[IP] try to use hostname specified in remote server certificate.
Anvar Kuchkartaev [email protected] Original Message From: [email protected] Sent: viernes, 17 de noviembre de 2017 10:02 p.m. To: [email protected] Subject: [strongSwan] Difficulty connecting to windows server with linux strongswan client Hello, I'm trying to use a ubuntu strongswan client to connect to a windows vpn server. I'm a strongswan newbie. Also I'm not managing the windows server, but the admin is pretty helpful. The config is anonymized a bit. I tried a lot of different configurations and this is just the latest one. The idea is that first should psk be used, and then smartcard cert should be used for the 2nd phase. It seems that the psk phase works AFAICS, but then negotiation stops, seemingly because the received cert doesnt match the ip or something. The end of the log looks like: 12[ENC] parsed IKE_AUTH response 4 [ EAP/REQ/PEAP ] 12[TLS] negotiated TLS 1.2 using suite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 12[TLS] server certificate does not match to '192.168.220.3' 12[TLS] sending fatal TLS alert 'access denied' 12[ENC] generating IKE_AUTH request 5 [ EAP/RES/PEAP ] Is there some way around this? Is there some way to add an exception for this certificate or something? Mac clients are able to connect to the same server as well as windows based clients. The config. config setup strictcrlpolicy=no uniqueids = yes #charondebug="all" charondebug="ike 4, knl 4,cfg 4,lib 4,tls 4" # nat_traversal=yes # Add connections here. conn my-ipsec leftid=user@domain leftcert=%smartcard:45 authby=pubkey rightid=%any right=theserver rightcert2=sstputvupa.cer leftauth=eap rightauth=psk auto=start -- Joakim Verona [email protected] +46705459454
