<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>Hi Tobias,<div><br></div><div>Somehow it didn't catch the right peer config (or none at all)</div><div><span style="font-size: 12pt;"><br></span></div><div><span style="font-size: 12pt;">I'm now as far as the connection establishes until there is a "</span>no trusted certificate found for 'client@vpn.EXAMPLE.de' to verify TLS peer"</div><div><br></div><div>Which somehow irritates me - the certificates are all set up in the /etc/ipsec.d/cert, cacert, etc folders...</div><div><br></div><div><br></div><div><div>charon.log</div><div>May  2 09:34:49 07[CFG] <winCert|2> selected peer config 'winCert'</div><div>May  2 09:34:49 07[IKE] <winCert|2> initiating EAP-Identity request</div><div>May  2 09:34:49 07[IKE] <winCert|2> processing INTERNAL_IP4_ADDRESS attribute</div><div>May  2 09:34:49 07[IKE] <winCert|2> processing INTERNAL_IP4_DNS attribute</div><div>May  2 09:34:49 07[IKE] <winCert|2> processing INTERNAL_IP4_NBNS attribute</div><div>May  2 09:34:49 07[IKE] <winCert|2> processing INTERNAL_IP4_SERVER attribute</div><div>May  2 09:34:49 07[IKE] <winCert|2> processing INTERNAL_IP6_ADDRESS attribute</div><div>May  2 09:34:49 07[IKE] <winCert|2> processing INTERNAL_IP6_DNS attribute</div><div>May  2 09:34:49 07[IKE] <winCert|2> processing INTERNAL_IP6_SERVER attribute</div><div>May  2 09:34:49 07[IKE] <winCert|2> peer supports MOBIKE</div><div>May  2 09:34:49 07[IKE] <winCert|2> authentication of 'C=CN, O=EXAMPLE, CN=vpn.EXAMPLE.de' (myself) with RSA signature successful</div><div>May  2 09:34:49 07[IKE] <winCert|2> sending end entity cert "C=CN, O=EXAMPLE, CN=vpn.EXAMPLE.de"</div><div>May  2 09:34:49 05[IKE] <winCert|2> received EAP identity 'client@vpn.EXAMPLE.de'</div><div>May  2 09:34:49 05[TLS] <winCert|2> 33 supported TLS cipher suites:</div><div>May  2 09:34:49 05[TLS] <winCert|2>   TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA</div><div>May  2 09:34:49 05[TLS] <winCert|2>   TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256</div><div>May  2 
09:34:49 05[TLS] <winCert|2>   TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA</div><div>May  2 09:34:49 05[TLS] <winCert|2>   TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384</div><div>May  2 09:34:49 05[TLS] <winCert|2>   TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</div><div>May  2 09:34:49 05[TLS] <winCert|2>   TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256</div><div>May  2 09:34:49 05[TLS] <winCert|2>   TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</div><div>May  2 09:34:49 05[TLS] <winCert|2>   TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384</div><div>May  2 09:34:49 05[TLS] <winCert|2>   TLS_DHE_RSA_WITH_AES_128_CBC_SHA</div><div>May  2 09:34:49 05[TLS] <winCert|2>   TLS_DHE_RSA_WITH_AES_128_CBC_SHA256</div><div>May  2 09:34:49 05[TLS] <winCert|2>   TLS_DHE_RSA_WITH_AES_256_CBC_SHA</div><div>May  2 09:34:49 05[TLS] <winCert|2>   TLS_DHE_RSA_WITH_AES_256_CBC_SHA256</div><div>May  2 09:34:49 05[TLS] <winCert|2>   TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA</div><div>May  2 09:34:49 05[TLS] <winCert|2>   TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256</div><div>May  2 09:34:49 05[TLS] <winCert|2>   TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA</div><div>May  2 09:34:49 05[TLS] <winCert|2>   TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256</div><div>May  2 09:34:49 05[TLS] <winCert|2>   TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA</div><div>May  2 09:34:49 05[TLS] <winCert|2>   TLS_RSA_WITH_AES_128_CBC_SHA</div><div>May  2 09:34:49 05[TLS] <winCert|2>   TLS_RSA_WITH_AES_128_CBC_SHA256</div><div>May  2 09:34:49 05[TLS] <winCert|2>   TLS_RSA_WITH_AES_256_CBC_SHA</div><div>May  2 09:34:49 05[TLS] <winCert|2>   TLS_RSA_WITH_AES_256_CBC_SHA256</div><div>May  2 09:34:49 05[TLS] <winCert|2>   TLS_RSA_WITH_CAMELLIA_128_CBC_SHA</div><div>May  2 09:34:49 05[TLS] <winCert|2>   TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256</div><div>May  2 09:34:49 05[TLS] <winCert|2>   TLS_RSA_WITH_CAMELLIA_256_CBC_SHA</div><div>May  2 09:34:49 05[TLS] <winCert|2>   TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256</div><div>May  2 09:34:49 05[TLS] <winCert|2>   
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA</div><div>May  2 09:34:49 05[TLS] <winCert|2>   TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA</div><div>May  2 09:34:49 05[TLS] <winCert|2>   TLS_RSA_WITH_3DES_EDE_CBC_SHA</div><div>May  2 09:34:49 05[TLS] <winCert|2>   TLS_ECDHE_ECDSA_WITH_NULL_SHA</div><div>May  2 09:34:49 05[TLS] <winCert|2>   TLS_ECDHE_RSA_WITH_NULL_SHA</div><div>May  2 09:34:49 05[TLS] <winCert|2>   TLS_RSA_WITH_NULL_SHA</div><div>May  2 09:34:49 05[TLS] <winCert|2>   TLS_RSA_WITH_NULL_SHA256</div><div>May  2 09:34:49 05[TLS] <winCert|2>   TLS_RSA_WITH_NULL_MD5</div><div>May  2 09:34:49 05[TLS] <winCert|2> sending EAP_TLS start packet (6 bytes)</div><div>May  2 09:34:49 05[IKE] <winCert|2> initiating EAP_TLS method (id 0xAC)</div><div>May  2 09:34:50 04[TLS] <winCert|2> processing TLS Handshake record (169 bytes)</div><div>May  2 09:34:50 04[TLS] <winCert|2> received TLS ClientHello handshake (165 bytes)</div><div>May  2 09:34:50 04[TLS] <winCert|2> received TLS 'status request' extension</div><div>May  2 09:34:50 04[TLS] <winCert|2> received TLS 'elliptic curves' extension</div><div>May  2 09:34:50 04[TLS] <winCert|2> received TLS 'ec point formats' extension</div><div>May  2 09:34:50 04[TLS] <winCert|2> received TLS 'signature algorithms' extension</div><div>May  2 09:34:50 04[TLS] <winCert|2> received TLS '(35)' extension</div><div>May  2 09:34:50 04[TLS] <winCert|2> received TLS '(23)' extension</div><div>May  2 09:34:50 04[TLS] <winCert|2> received TLS 'renegotiation info' extension</div><div>May  2 09:34:50 04[TLS] <winCert|2> received 30 TLS cipher suites:</div><div>May  2 09:34:50 04[TLS] <winCert|2>   TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384</div><div>May  2 09:34:50 04[TLS] <winCert|2>   TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</div><div>May  2 09:34:50 04[TLS] <winCert|2>   TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384</div><div>May  2 09:34:50 04[TLS] <winCert|2>   TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</div><div>May  2 09:34:50 04[TLS] <winCert|2>   
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384</div><div>May  2 09:34:50 04[TLS] <winCert|2>   TLS_DHE_RSA_WITH_AES_128_GCM_SHA256</div><div>May  2 09:34:50 04[TLS] <winCert|2>   TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384</div><div>May  2 09:34:50 04[TLS] <winCert|2>   TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256</div><div>May  2 09:34:50 04[TLS] <winCert|2>   TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384</div><div>May  2 09:34:50 04[TLS] <winCert|2>   TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256</div><div>May  2 09:34:50 04[TLS] <winCert|2>   TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA</div><div>May  2 09:34:50 04[TLS] <winCert|2>   TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA</div><div>May  2 09:34:50 04[TLS] <winCert|2>   TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</div><div>May  2 09:34:50 04[TLS] <winCert|2>   TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</div><div>May  2 09:34:50 04[TLS] <winCert|2>   TLS_DHE_RSA_WITH_AES_256_CBC_SHA</div><div>May  2 09:34:50 04[TLS] <winCert|2>   TLS_DHE_RSA_WITH_AES_128_CBC_SHA</div><div>May  2 09:34:50 04[TLS] <winCert|2>   TLS_RSA_WITH_AES_256_GCM_SHA384</div><div>May  2 09:34:50 04[TLS] <winCert|2>   TLS_RSA_WITH_AES_128_GCM_SHA256</div><div>May  2 09:34:50 04[TLS] <winCert|2>   TLS_RSA_WITH_AES_256_CBC_SHA256</div><div>May  2 09:34:50 04[TLS] <winCert|2>   TLS_RSA_WITH_AES_128_CBC_SHA256</div><div>May  2 09:34:50 04[TLS] <winCert|2>   TLS_RSA_WITH_AES_256_CBC_SHA</div><div>May  2 09:34:50 04[TLS] <winCert|2>   TLS_RSA_WITH_AES_128_CBC_SHA</div><div>May  2 09:34:50 04[TLS] <winCert|2>   TLS_RSA_WITH_3DES_EDE_CBC_SHA</div><div>May  2 09:34:50 04[TLS] <winCert|2>   TLS_DHE_DSS_WITH_AES_256_CBC_SHA256</div><div>May  2 09:34:50 04[TLS] <winCert|2>   TLS_DHE_DSS_WITH_AES_128_CBC_SHA256</div><div>May  2 09:34:50 04[TLS] <winCert|2>   TLS_DHE_DSS_WITH_AES_256_CBC_SHA</div><div>May  2 09:34:50 04[TLS] <winCert|2>   TLS_DHE_DSS_WITH_AES_128_CBC_SHA</div><div>May  2 09:34:50 04[TLS] <winCert|2>   TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA</div><div>May  2 09:34:50 04[TLS] <winCert|2>   
TLS_RSA_WITH_RC4_128_SHA</div><div>May  2 09:34:50 04[TLS] <winCert|2>   TLS_RSA_WITH_RC4_128_MD5</div><div>May  2 09:34:50 04[TLS] <winCert|2> negotiated TLS version TLS 1.2 with suite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</div><div>May  2 09:34:50 04[TLS] <winCert|2> sending TLS ServerHello handshake (38 bytes)</div><div>May  2 09:34:50 04[TLS] <winCert|2> sending TLS server certificate 'C=CN, O=EXAMPLE, CN=vpn.EXAMPLE.de'</div><div>May  2 09:34:50 04[TLS] <winCert|2> sending TLS Certificate handshake (853 bytes)</div><div>May  2 09:34:50 04[TLS] <winCert|2> selected ECDH group SECP256R1</div><div>May  2 09:34:50 04[TLS] <winCert|2> created signature with SHA256/RSA</div><div>May  2 09:34:50 04[TLS] <winCert|2> sending TLS ServerKeyExchange handshake (329 bytes)</div><div>May  2 09:34:50 04[TLS] <winCert|2> sending TLS cert request for 'C=CN, O=EXAMPLE, CN=EXAMPLE ca'</div><div>May  2 09:34:50 04[TLS] <winCert|2> sending TLS CertificateRequest handshake (87 bytes)</div><div>May  2 09:34:50 04[TLS] <winCert|2> sending TLS ServerHelloDone handshake (0 bytes)</div><div>May  2 09:34:50 04[TLS] <winCert|2> sending TLS Handshake record (1327 bytes)</div><div>May  2 09:34:50 04[TLS] <winCert|2> sending EAP_TLS first fragment (512 bytes)</div><div>May  2 09:34:50 01[TLS] <winCert|2> received EAP_TLS acknowledgement packet</div><div>May  2 09:34:50 01[TLS] <winCert|2> sending EAP_TLS further fragment (512 bytes)</div><div>May  2 09:34:50 15[TLS] <winCert|2> received EAP_TLS acknowledgement packet</div><div>May  2 09:34:50 15[TLS] <winCert|2> sending EAP_TLS final fragment (330 bytes)</div><div>May  2 09:34:50 13[TLS] <winCert|2> processing TLS Handshake record (1198 bytes)</div><div>May  2 09:34:50 13[TLS] <winCert|2> received TLS Certificate handshake (860 bytes)</div><div>May  2 09:34:50 13[TLS] <winCert|2> received TLS peer certificate 'C=CN, O=EXAMPLE, CN=client@vpn.EXAMPLE.de'</div><div>May  2 09:34:50 13[TLS] <winCert|2> received TLS ClientKeyExchange handshake (66 
bytes)</div><div>May  2 09:34:50 13[TLS] <winCert|2> received TLS CertificateVerify handshake (260 bytes)</div><div>May  2 09:34:50 13[TLS] <winCert|2> no trusted certificate found for 'client@vpn.EXAMPLE.de' to verify TLS peer</div><div>May  2 09:34:50 13[TLS] <winCert|2> processing TLS ChangeCipherSpec record (1 bytes)</div><div>May  2 09:34:50 13[TLS] <winCert|2> processing TLS Handshake record (64 bytes)</div><div>May  2 09:34:50 13[TLS] <winCert|2> sending fatal TLS alert 'certificate unknown'</div><div>May  2 09:34:50 13[TLS] <winCert|2> sending TLS Alert record (2 bytes)</div><div>May  2 09:34:50 13[TLS] <winCert|2> sending EAP_TLS packet (17 bytes)</div><div>May  2 09:34:50 11[TLS] <winCert|2> received EAP_TLS acknowledgement packet</div><div>May  2 09:34:50 11[IKE] <winCert|2> EAP method EAP_TLS failed for peer 10.145.250.86</div><div>May  2 09:34:50 11[IKE] <winCert|2> IKE_SA winCert[2] state change: CONNECTING => DESTROYING</div><div><br></div><div>$ ipsec listall</div><div><br></div><div>List of X.509 End Entity Certificates:</div><div><br></div><div>  altNames:  vpn.EXAMPLE.de</div><div>  subject:  "C=CN, O=EXAMPLE, CN=vpn.EXAMPLE.de"</div><div>  issuer:   "C=CN, O=EXAMPLE, CN=EXAMPLE ca"</div><div>  serial:    42:74:78:dc:fb:e6:20:e5</div><div>  validity:  not before Apr 26 13:34:15 2016, ok</div><div>             not after  Apr 26 13:34:15 2019, ok</div><div>  pubkey:    RSA 2048 bits, has private key</div><div>  keyid:     a3:59:05:59:8f:b5:72:33:4f:cd:3a:61:63:ef:ec:a1:f8:10:f7:85</div><div>  subjkey:   a9:c6:81:ee:06:02:5a:2c:4d:92:a1:4a:8a:be:c4:cd:29:e8:22:69</div><div>  authkey:   8c:e9:ee:33:b5:8a:f7:11:88:b1:15:3f:0c:8f:4c:19:e6:28:f1:47</div><div><br></div><div>List of X.509 CA Certificates:</div><div><br></div><div>  subject:  "C=CN, O=EXAMPLE, CN=EXAMPLE ca"</div><div>  issuer:   "C=CN, O=EXAMPLE, CN=EXAMPLE ca"</div><div>  serial:    00:cf:53:e9:6a:82:8e:08:da</div><div>  validity:  not before Apr 25 19:32:30 2016, ok</div><div>           
  not after  Apr 25 19:32:30 2019, ok</div><div>  pubkey:    RSA 2048 bits</div><div>  keyid:     7e:7f:f2:cc:cd:6f:53:c3:01:15:06:46:16:cc:99:d8:09:7a:71:a1</div><div>  subjkey:   8c:e9:ee:33:b5:8a:f7:11:88:b1:15:3f:0c:8f:4c:19:e6:28:f1:47</div><div>  authkey:   8c:e9:ee:33:b5:8a:f7:11:88:b1:15:3f:0c:8f:4c:19:e6:28:f1:47</div><div><br></div><div>List of registered IKEv2 Algorithms:</div><div><br></div><div>  encryption: AES_CBC[aes] 3DES_CBC[des] DES_CBC[des] DES_ECB[des] CAMELLIA_CBC[openssl] RC5_CBC[openssl]</div><div>              IDEA_CBC[openssl] CAST_CBC[openssl] BLOWFISH_CBC[openssl] NULL[openssl] AES_CTR[ctr] CAMELLIA_CTR[ctr]</div><div>  integrity:  AES_XCBC_96[xcbc] CAMELLIA_XCBC_96[xcbc] HMAC_SHA1_96[hmac] HMAC_SHA1_128[hmac] HMAC_SHA1_160[hmac]</div><div>              HMAC_SHA2_256_128[hmac] HMAC_SHA2_256_256[hmac] HMAC_MD5_96[hmac] HMAC_MD5_128[hmac]</div><div>              HMAC_SHA2_384_192[hmac] HMAC_SHA2_384_384[hmac] HMAC_SHA2_512_256[hmac]</div><div>  aead:       AES_CCM_8[ccm] AES_CCM_12[ccm] AES_CCM_16[ccm] CAMELLIA_CCM_8[ccm] CAMELLIA_CCM_12[ccm]</div><div>              CAMELLIA_CCM_16[ccm] AES_GCM_8[gcm] AES_GCM_12[gcm] AES_GCM_16[gcm]</div><div>  hasher:     HASH_SHA1[sha1] HASH_SHA224[sha2] HASH_SHA256[sha2] HASH_SHA384[sha2] HASH_SHA512[sha2] HASH_MD5[md5]</div><div>              HASH_MD2[openssl] HASH_MD4[openssl]</div><div>  prf:        PRF_KEYED_SHA1[sha1] PRF_FIPS_SHA1_160[fips-prf] PRF_AES128_XCBC[xcbc] PRF_CAMELLIA128_XCBC[xcbc]</div><div>              PRF_HMAC_SHA1[hmac] PRF_HMAC_SHA2_256[hmac] PRF_HMAC_MD5[hmac] PRF_HMAC_SHA2_384[hmac]</div><div>              PRF_HMAC_SHA2_512[hmac]</div><div>  dh-group:   MODP_2048[openssl] MODP_2048_224[openssl] MODP_2048_256[openssl] MODP_1536[openssl] ECP_256[openssl]</div><div>              ECP_384[openssl] ECP_521[openssl] ECP_224[openssl] ECP_192[openssl] MODP_3072[openssl] MODP_4096[openssl]</div><div>              MODP_6144[openssl] MODP_8192[openssl] MODP_1024[openssl] 
MODP_1024_160[openssl] MODP_768[openssl]</div><div>              MODP_CUSTOM[openssl]</div><div>  random-gen: RNG_STRONG[random] RNG_TRUE[random]</div><div><br></div><div><br></div><div>My ipsec.conf:</div><div><br></div><div>config setup</div><div>  charondebug="ike 2, knl 3, cfg 1, enc -1, lib -1"</div><div>  charonstart=yes</div><div>  plutostart=no</div><div>  </div><div>conn %default</div><div>  keyexchange=ikev2</div><div>  dpdaction=clear</div><div>  dpddelay=300s</div><div>  rekey=no</div><div><br></div><div>conn winCert</div><div>  left=%defaultroute</div><div>  leftcert=vpn.server.cert.pem</div><div>  leftauth=pubkey</div><div>  leftsubnet=0.0.0.0/24</div><div>  right=%any</div><div>  rightauth=eap-tls</div><div>  eap_identity=%identity</div><div>  rightsendcert=never</div><div>  rightsourceip=172.20.1.1/24</div><div>  keyexchange=ikev2</div><div>  auto=add</div><div><br></div><div><br></div><div>  </div><div>Client Certificate:</div><div> Certificate:</div><div>    Data:</div><div>        Version: 3 (0x2)</div><div>        Serial Number:</div><div>            16:9d:7d:a3:4e:fa:99:d8</div><div>    Signature Algorithm: sha1WithRSAEncryption</div><div>        Issuer: C=CN, O=EXAMPLE, CN=EXAMPLE ca</div><div>        Validity</div><div>            Not Before: Apr 29 12:21:38 2016 GMT</div><div>            Not After : Apr 29 12:21:38 2019 GMT</div><div>        Subject: C=CN, O=EXAMPLE, CN=client@vpn.EXAMPLE.de</div><div>        Subject Public Key Info:</div><div>            Public Key Algorithm: rsaEncryption</div><div>                Public-Key: (2048 bit)</div><div>                Modulus:</div><div>                Exponent: 65537 (0x10001)</div><div>        X509v3 extensions:</div><div>            X509v3 Authority Key Identifier:</div><div>                keyid:8C:33:48:94:BF:4B:B7:08:97:C9:99:A6:A8:F1:D0:4B:C0:89:4D:E5</div><div><br></div><div>            X509v3 Subject Alternative Name:</div><div>                DNS:vpn.EXAMPLE.de</div><div>            X509v3 Extended Key Usage:</div><div>                TLS Web Client Authentication</div><div>    Signature Algorithm: sha1WithRSAEncryption</div><div><br></div><div><span class="Apple-tab-span" style="white-space:pre">         </span> </div>
<div>Server Certificate:</div><div>Certificate:</div><div>    Data:</div><div>        Version: 3 (0x2)</div><div>        Serial Number:</div><div>            2a:27:5d:38:11:4a:d3:15</div><div>    Signature Algorithm: sha1WithRSAEncryption</div><div>        Issuer: C=CN, O=EXAMPLE, CN=EXAMPLE ca</div><div>        Validity</div><div>            Not Before: Apr 29 12:21:34 2016 GMT</div><div>            Not After : Apr 29 12:21:34 2019 GMT</div><div>        Subject: C=CN, O=EXAMPLE, CN=vpn.EXAMPLE.de</div><div>        Subject Public Key Info:</div><div>            Public Key Algorithm: rsaEncryption</div><div>                Public-Key: (2048 bit)</div><div>                Modulus:</div><div>                Exponent: 65537 (0x10001)</div><div>        X509v3 extensions:</div><div>            X509v3 Authority Key Identifier:</div><div>                keyid:8C:33:48:94:BF:4B:B7:08:97:C9:99:A6:A8:F1:D0:4B:C0:89:4D:E5</div><div><br></div><div>            X509v3 Subject Alternative Name:</div><div>                DNS:vpn.EXAMPLE.de</div><div>            X509v3 Extended Key Usage:</div><div>                TLS Web Server Authentication</div><div>    Signature Algorithm: sha1WithRSAEncryption</div><div><br></div><div><span class="Apple-tab-span" style="white-space:pre">            </span> </div>
<div>CA Certificate:</div><div>Certificate:</div><div>    Data:</div><div>        Version: 3 (0x2)</div><div>        Serial Number:</div><div>            fc:f7:56:28:32:8e:88:55</div><div>    Signature Algorithm: sha1WithRSAEncryption</div><div>        Issuer: C=CN, O=EXAMPLE, CN=EXAMPLE ca</div><div>        Validity</div><div>            Not Before: Apr 29 12:21:31 2016 GMT</div><div>            Not After : Apr 29 12:21:31 2019 GMT</div><div>        Subject: C=CN, O=EXAMPLE, CN=EXAMPLE ca</div><div>        Subject Public Key Info:</div><div>            Public Key Algorithm: rsaEncryption</div><div>                Public-Key: (2048 bit)</div><div>                Modulus:</div><div>                Exponent: 65537 (0x10001)</div><div>        X509v3 extensions:</div><div>            X509v3 Basic Constraints: critical</div><div>                CA:TRUE</div><div>            X509v3 Key Usage: critical</div><div>                Certificate Sign, CRL Sign</div><div>            X509v3 Subject Key Identifier:</div><div>                8C:33:48:94:BF:4B:B7:08:97:C9:99:A6:A8:F1:D0:4B:C0:89:4D:E5</div><div>            X509v3 Authority Key Identifier:</div><div>                keyid:8C:33:48:94:BF:4B:B7:08:97:C9:99:A6:A8:F1:D0:4B:C0:89:4D:E5</div><div><br></div><div>    Signature Algorithm: sha1WithRSAEncryption</div><div style="font-size: 12pt;"><br></div></div><div style="font-size: 12pt;"><br></div><div style="font-size: 12pt;">Thanks,<br>Arne</div><div><span style="font-size: 12pt;"><br></span></div><div><span style="font-size: 12pt;">Subject: Re: [strongSwan] Win7 and Window10Mobile: IKE authentication credentials are unacceptable</span><div>> To: arne.j.schmid@outlook.com; users@lists.strongswan.org<br>> From: tobias@strongswan.org<br>> Date: Fri, 29 Apr 2016 12:11:59 +0200<br>> <br>> Hi Arne,<br>> <br>> > Apr 28 20:09:50 12[IKE] <1> peer supports MOBIKE<br>> > Apr 28 20:09:50 12[IKE] <1> IKE_SA (unnamed)[1] state change: CONNECTING<br>> > => DESTROYING<br>> <br>> Looks like the daemon encountered an unrecoverable error, maybe while<br>> encoding the response message.  Could you leave the log levels for the two<br>> log groups you set to -1 at the default (which is 1) and try again so<br>> we'd see any error messages that might get logged while preparing the<br>> response.<br>> <br>> Regards,<br>> Tobias<br>> <br></div></div>                                           </div></body>
</html>