Also i should say that the windows is ultimate 64-bit ( build
7601 ) and i used this
<a href="http://wiki.strongswan.org/projects/strongswan/wiki/Win7CertReq">http://wiki.strongswan.org/projects/strongswan/wiki/Win7CertReq</a> completely in my setup.<div><br></div><div>if it is needed i can send ipsec.conf and ... </div>
<div><br></div><div>Thank you<br><br><div class="gmail_quote">On Mon, Aug 27, 2012 at 1:01 PM, Hamid Zamani <span dir="ltr"><<a href="mailto:if.else.fi@gmail.com" target="_blank">if.else.fi@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello , <div><br></div><div>I've configured a debian os with strongswan 5.0.0 and anything is good so i can connect to that with my pc (windows 7-64bit) </div>
<div>but there is no way to connect to server with other PCs and windows ...</div>
<div><br></div><div>and the common error is : " ike authentication credentials are unacceptable" </div><div><br></div><div>and the daemon.log says me : </div><div><br></div><div><div>Aug 27 04:28:15 HAMID charon: 15[NET] received packet: from xxx.xxx.xxx.xxx[956] to yyy.yyy.yyy.yyy[500]</div>
<div>Aug 27 04:28:15
HAMID charon: 15[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]</div><div>Aug 27 04:28:15
HAMID charon: 15[IKE]
xxx.xxx.xxx.xxx[ is initiating an IKE_SA</div><div>Aug 27 04:28:15
HAMID charon: 15[IKE] remote host is behind NAT</div><div>Aug 27 04:28:15
HAMID charon: 15[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]</div><div>Aug 27 04:28:15
HAMID charon: 15[NET] sending packet: from
yyy.yyy.yyy.yyy [500] to
xxx.xxx.xxx.xxx [956]</div><div>Aug 27 04:28:16
HAMID charon: 03[NET] received packet: from
xxx.xxx.xxx.xxx [53196] to
yyy.yyy.yyy.yyy [4500]</div><div>Aug 27 04:28:16
HAMID charon: 03[ENC] parsed IKE_AUTH request 1 [ IDi CERTREQ N(MOBIKE_SUP) CP(ADDR DNS NBNS SRV ADDR6 DNS6 SRV6) SA TSi TSr ]</div><div>Aug 27 04:28:16
HAMID charon: 03[IKE] received cert request for "C=..."</div><div>Aug 27 04:28:16
HAMID charon: 03[IKE] received 11 cert requests for an unknown ca</div><div>Aug 27 04:28:16
HAMID charon: 03[CFG] looking for peer configs matching
yyy.yyy.yyy.yyy [%any]...
xxx.xxx.xxx.xxx [192.168.245.132]</div><div>Aug 27 04:28:16
HAMID charon: 03[CFG] selected peer config 'rw-eap'</div><div>Aug 27 04:28:16
HAMID charon: 03[IKE] initiating EAP_IDENTITY method (id 0x00)</div><div>Aug 27 04:28:16
HAMID charon: 03[IKE] peer supports MOBIKE</div><div>Aug 27 04:28:16
HAMID charon: 03[IKE] authentication of 'C=...' (myself) with RSA signature successful</div><div>Aug 27 04:28:16
HAMID charon: 03[IKE] sending end entity cert "C=..."</div><div>Aug 27 04:28:16
HAMID charon: 03[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]</div><div>Aug 27 04:28:16
HAMID charon: 03[NET] sending packet: from
yyy.yyy.yyy.yyy [4500] to
xxx.xxx.xxx.xxx [53196]</div><div><br></div></div><div>what is the exac problem you think ? </div><div><br></div><div>i sould also append that it is also happenning with ikev2(rsasig) .</div><div><br></div><div>Thank you so much </div>
</blockquote></div><br></div>