Hello list, I'm using the shrew ike daemon (packaged with the Qt client) version 2.1.4 on Ubuntu Linux 9.10. The goal is a roadwarrior installation with X.509 certificate authentication.
When using preshared keys this same configuration works. Mobile clients using other software (IPSecuritas) with the same certificates I'm loading in Shrew work as well so... The problem is that I see 'Gateway authentication error' in the GUI window after trying to connect. The log /var/log/iked.log: ii : unable to get local issuer certificate(20) at depth:0 ii : subject :/CN=name.host.tld !! : unable to verify remote peer certificate The host 'name.host.tld' is in the SubjectAltName of the X.509 certificate loaded on the ike v1 server m0n0wall 1.31. I have concatanated the root and intermediate CA certificates of CaCert.org to the file 'cacert-combi.pem': s:ident-server-type:asn1dn s:auth-server-cert:/home/username/.ike/certs/cacert-combi.pem s:auth-client-cert:/home/username/.ike/certs/myclienthost-cacert-rsa-4096-crt.pem s:auth-client-key:/home/username/.ike/keys/myclienthost-cacert-rsa-4096-key.pem What can be the problem? Thanks, Michael _______________________________________________ vpn-help mailing list [email protected] http://lists.shrew.net/mailman/listinfo/vpn-help
