Just updated strongSwan from 5.6.2 to 5.6.3 and now the certificate auth doesn’t work from Windows 10 (OSX works) with an IKE error.
IKE authentication credentials are unacceptable. The error code returned on failure is 13801. The certificates are created as follows openssl req -new -newkey rsa:4096 -sha384 -nodes \ -subj "/CN=vpnuser" \ -keyout private/vpnuser.key -out requests/vpnuser.csr openssl ca -config openssl.cnf -create_serial -days 395 \ -keyfile private/ca.key -cert ca.crt -passin pass:"${CAKEYPSWD}" \ -in requests/vpnuser.csr -notext \ -extfile <(cat <<EOF basicConstraints = CA:false subjectKeyIdentifier = hash authorityKeyIdentifier = keyid,issuer authorityInfoAccess = OCSP;URI:http://127.0.0.1:2560 keyUsage=digitalSignature, nonRepudiation extendedKeyUsage = clientAuth subjectAltName = DNS:vpnuser EOF ) Looking at the changleLog, there isn’t any obvious reason… https://wiki.strongswan.org/projects/strongswan/wiki/Changelog56 <https://wiki.strongswan.org/projects/strongswan/wiki/Changelog56> Any ideas? C