Just updated strongSwan from 5.6.2 to 5.6.3 and now the certificate auth
doesn’t work from Windows 10 (OSX works) with an IKE error.

    IKE authentication credentials are unacceptable. The error code returned on
    failure is 13801.

The certificates are created as follows:

openssl req -new -newkey rsa:4096 -sha384 -nodes \
    -subj "/CN=vpnuser" \
    -keyout private/vpnuser.key -out requests/vpnuser.csr

openssl ca -config openssl.cnf -create_serial -days 395 \
    -keyfile private/ca.key -cert ca.crt -passin pass:"${CAKEYPSWD}" \
    -in requests/vpnuser.csr -notext \
    -extfile <(cat <<EOF
basicConstraints = CA:false
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
authorityInfoAccess = OCSP;URI:http://127.0.0.1:2560
keyUsage=digitalSignature, nonRepudiation
extendedKeyUsage = clientAuth
subjectAltName = DNS:vpnuser
EOF
)

Looking at the changelog, there isn’t any obvious reason…
https://wiki.strongswan.org/projects/strongswan/wiki/Changelog56
Any ideas?
C