<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>You are correct, I am using v4.5.2 on Debian linux (stable branch). It
is the most up to date version available in the stable branch. I took
your advice and upgraded it (to the next available version in the Debian
testing stream - v4.6.4), and my z10 connected to the sever without any
modification to the configs or certificates. Thanks for the tip!<br><br><br>It
looks like I can't communicate with the server at all from the z10, and
vice versa. I will try and work this out on my own when I have more
time. Let me know if you have any suggestions to improve my current
config.<br><br><br>Thanks very much for your help! <br><br><br><div>> Date: Wed, 4 Sep 2013 08:58:35 +0200<br>> From: tobias@strongswan.org<br>> To: gawd0wns@hotmail.com<br>> CC: users@lists.strongswan.org<br>> Subject: Re: [strongSwan] ikev2 vpn using PKI auth with a Blackberry Z10<br>> <br>> Hi,<br>> <br>> You didn't write what strongSwan version you are using. But I suspect<br>> it's something like 4.5.2, certainly before 4.6.3 because this problem here<br>> <br>> > Sep 3 21:39:19 firebrand charon: 12[ENC] invalid X509 hash length (0)<br>> > in certreq<br>> > Sep 3 21:39:19 firebrand charon: 12[ENC] CERTIFICATE_REQUEST<br>> > verification failed<br>> > Sep 3 21:39:19 firebrand charon: 12[ENC] could not decrypt payloads<br>> > Sep 3 21:39:19 firebrand charon: 12[IKE] message verification failed<br>> <br>> should be fixed by [1], which was included in 4.6.3.<br>> <br>> Why the Z10 client sends an empty certificate request, which doesn't<br>> make much sense, is another question. Perhaps the CA certificate is not<br>> installed properly (or at all), or it always does that (bug?).<br>> <br>> Regards,<br>> Tobias<br>> <br>> [1] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=4ef867f5<br>> <br></div> </div></body>
</html>