<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN">
<html><body>
<p>Hi,</p>
<p> </p>
<p>I want to establish an ipsec tunnel between a windows 7 machine using the Firewall with advanced security and a debian machine with strongswan.</p>
<p>I test with psk and it works fine, <br />now i want to test with certificates :</p>
<p> </p>
<p>I follow this tutorial :<br />http://tiebing.blogspot.fr/2012/05/windows-7-ikev2-error-13806.html</p>
<p>when the certificates are generated usign the ipsec pki tool no problem,</p>
<p>but when i test to generate them with openssl i can see that the ISAKMP SA (IKEv1) fail before authentication phase.<br />i have the four first messages and the an informational message.<br /><br />I look the auth.log on the strongswan machine and i get the following error :</p>
<p>Jun 13 13:43:07 wheezy pluto[5439]: | state object #2 found, in STATE_MAIN_R2<br />Jun 13 13:43:07 wheezy pluto[5439]: "win" #2: next payload type of ISAKMP Hash Payload has an unknown value: 185<br />Jun 13 13:43:07 wheezy pluto[5439]: "win" #2: malformed payload in packet<br />Jun 13 13:43:07 wheezy pluto[5439]: | next event EVENT_RETRANSMIT in 2 seconds for #1</p>
<p>this is my ipsec.conf file :</p>
<p># ipsec.conf - strongSwan IPsec configuration file<br /><br /># basic configuration<br /><br />config setup<br /> # plutodebug=all<br /> # crlcheckinterval=600<br /> # strictcrlpolicy=yes<br /> # cachecrls=yes<br /> # nat_traversal=yes<br /> charonstart=no<br /> plutostart=yes<br /> plutodebug=control<br /><br /># Add connections here.<br /><br /># tunnel windows<br />include /etc/ipsec.d/win.conf</p>
<p>and my win.conf file</p>
<p>#<br />conn win<br /> authby=rsasig<br /> keyexchange=ikev1<br /> pfs=no<br /> compress=no<br /> leftfirewall=yes<br /> left=10.0.4.6<br /> leftsubnet=10.0.1.0/24<br /> leftid="C=FR, O=Win7, CN=clientA.mycompany.local"<br /> right=10.0.5.4<br /> rightsubnet=10.0.2.0/24<br /> rightcert=serverBcert.pem<br /> auto=add</p>
<p> </p>
<p>Thanks for help!<br /><br />Kelly</p>
<p> </p>
<div> </div>
</body></html>