<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>Hi Tobias,<div><br></div><div>Somehow it didn't catch the right peer config (or none at all)</div><div><span style="font-size: 12pt;"><br></span></div><div><span style="font-size: 12pt;">I'm now as far as the connection establishes until there is a "</span>no trusted certificate found for 'client@vpn.EXAMPLE.de' to verify TLS peer"</div><div><br></div><div>Which somehow irritates me - the certificates are all set up in the /etc/ipsec.d/cert, cacert, etc folders...</div><div><br></div><div><br></div><div><div>charon.log</div><div>May 2 09:34:49 07[CFG] <winCert|2> selected peer config 'winCert'</div><div>May 2 09:34:49 07[IKE] <winCert|2> initiating EAP-Identity request</div><div>May 2 09:34:49 07[IKE] <winCert|2> processing INTERNAL_IP4_ADDRESS attribute</div><div>May 2 09:34:49 07[IKE] <winCert|2> processing INTERNAL_IP4_DNS attribute</div><div>May 2 09:34:49 07[IKE] <winCert|2> processing INTERNAL_IP4_NBNS attribute</div><div>May 2 09:34:49 07[IKE] <winCert|2> processing INTERNAL_IP4_SERVER attribute</div><div>May 2 09:34:49 07[IKE] <winCert|2> processing INTERNAL_IP6_ADDRESS attribute</div><div>May 2 09:34:49 07[IKE] <winCert|2> processing INTERNAL_IP6_DNS attribute</div><div>May 2 09:34:49 07[IKE] <winCert|2> processing INTERNAL_IP6_SERVER attribute</div><div>May 2 09:34:49 07[IKE] <winCert|2> peer supports MOBIKE</div><div>May 2 09:34:49 07[IKE] <winCert|2> authentication of 'C=CN, O=EXAMPLE, CN=vpn.EXAMPLE.de' (myself) with RSA signature successful</div><div>May 2 09:34:49 07[IKE] <winCert|2> sending end entity cert "C=CN, O=EXAMPLE, CN=vpn.EXAMPLE.de"</div><div>May 2 09:34:49 05[IKE] <winCert|2> received EAP identity 'client@vpn.EXAMPLE.de'</div><div>May 2 09:34:49 05[TLS] <winCert|2> 33 supported TLS cipher suites:</div><div>May 2 09:34:49 05[TLS] <winCert|2> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA</div><div>May 2 09:34:49 05[TLS] <winCert|2> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256</div><div>May 2 09:34:49 05[TLS] 
<winCert|2> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA</div><div>May 2 09:34:49 05[TLS] <winCert|2> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384</div><div>May 2 09:34:49 05[TLS] <winCert|2> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</div><div>May 2 09:34:49 05[TLS] <winCert|2> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256</div><div>May 2 09:34:49 05[TLS] <winCert|2> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</div><div>May 2 09:34:49 05[TLS] <winCert|2> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384</div><div>May 2 09:34:49 05[TLS] <winCert|2> TLS_DHE_RSA_WITH_AES_128_CBC_SHA</div><div>May 2 09:34:49 05[TLS] <winCert|2> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256</div><div>May 2 09:34:49 05[TLS] <winCert|2> TLS_DHE_RSA_WITH_AES_256_CBC_SHA</div><div>May 2 09:34:49 05[TLS] <winCert|2> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256</div><div>May 2 09:34:49 05[TLS] <winCert|2> TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA</div><div>May 2 09:34:49 05[TLS] <winCert|2> TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256</div><div>May 2 09:34:49 05[TLS] <winCert|2> TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA</div><div>May 2 09:34:49 05[TLS] <winCert|2> TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256</div><div>May 2 09:34:49 05[TLS] <winCert|2> TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA</div><div>May 2 09:34:49 05[TLS] <winCert|2> TLS_RSA_WITH_AES_128_CBC_SHA</div><div>May 2 09:34:49 05[TLS] <winCert|2> TLS_RSA_WITH_AES_128_CBC_SHA256</div><div>May 2 09:34:49 05[TLS] <winCert|2> TLS_RSA_WITH_AES_256_CBC_SHA</div><div>May 2 09:34:49 05[TLS] <winCert|2> TLS_RSA_WITH_AES_256_CBC_SHA256</div><div>May 2 09:34:49 05[TLS] <winCert|2> TLS_RSA_WITH_CAMELLIA_128_CBC_SHA</div><div>May 2 09:34:49 05[TLS] <winCert|2> TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256</div><div>May 2 09:34:49 05[TLS] <winCert|2> TLS_RSA_WITH_CAMELLIA_256_CBC_SHA</div><div>May 2 09:34:49 05[TLS] <winCert|2> TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256</div><div>May 2 09:34:49 05[TLS] <winCert|2> TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA</div><div>May 2 09:34:49 05[TLS] <winCert|2> TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA</div><div>May 2 
09:34:49 05[TLS] <winCert|2> TLS_RSA_WITH_3DES_EDE_CBC_SHA</div><div>May 2 09:34:49 05[TLS] <winCert|2> TLS_ECDHE_ECDSA_WITH_NULL_SHA</div><div>May 2 09:34:49 05[TLS] <winCert|2> TLS_ECDHE_RSA_WITH_NULL_SHA</div><div>May 2 09:34:49 05[TLS] <winCert|2> TLS_RSA_WITH_NULL_SHA</div><div>May 2 09:34:49 05[TLS] <winCert|2> TLS_RSA_WITH_NULL_SHA256</div><div>May 2 09:34:49 05[TLS] <winCert|2> TLS_RSA_WITH_NULL_MD5</div><div>May 2 09:34:49 05[TLS] <winCert|2> sending EAP_TLS start packet (6 bytes)</div><div>May 2 09:34:49 05[IKE] <winCert|2> initiating EAP_TLS method (id 0xAC)</div><div>May 2 09:34:50 04[TLS] <winCert|2> processing TLS Handshake record (169 bytes)</div><div>May 2 09:34:50 04[TLS] <winCert|2> received TLS ClientHello handshake (165 bytes)</div><div>May 2 09:34:50 04[TLS] <winCert|2> received TLS 'status request' extension</div><div>May 2 09:34:50 04[TLS] <winCert|2> received TLS 'elliptic curves' extension</div><div>May 2 09:34:50 04[TLS] <winCert|2> received TLS 'ec point formats' extension</div><div>May 2 09:34:50 04[TLS] <winCert|2> received TLS 'signature algorithms' extension</div><div>May 2 09:34:50 04[TLS] <winCert|2> received TLS '(35)' extension</div><div>May 2 09:34:50 04[TLS] <winCert|2> received TLS '(23)' extension</div><div>May 2 09:34:50 04[TLS] <winCert|2> received TLS 'renegotiation info' extension</div><div>May 2 09:34:50 04[TLS] <winCert|2> received 30 TLS cipher suites:</div><div>May 2 09:34:50 04[TLS] <winCert|2> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384</div><div>May 2 09:34:50 04[TLS] <winCert|2> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</div><div>May 2 09:34:50 04[TLS] <winCert|2> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384</div><div>May 2 09:34:50 04[TLS] <winCert|2> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</div><div>May 2 09:34:50 04[TLS] <winCert|2> TLS_DHE_RSA_WITH_AES_256_GCM_SHA384</div><div>May 2 09:34:50 04[TLS] <winCert|2> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256</div><div>May 2 09:34:50 04[TLS] <winCert|2> 
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384</div><div>May 2 09:34:50 04[TLS] <winCert|2> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256</div><div>May 2 09:34:50 04[TLS] <winCert|2> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384</div><div>May 2 09:34:50 04[TLS] <winCert|2> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256</div><div>May 2 09:34:50 04[TLS] <winCert|2> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA</div><div>May 2 09:34:50 04[TLS] <winCert|2> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA</div><div>May 2 09:34:50 04[TLS] <winCert|2> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</div><div>May 2 09:34:50 04[TLS] <winCert|2> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</div><div>May 2 09:34:50 04[TLS] <winCert|2> TLS_DHE_RSA_WITH_AES_256_CBC_SHA</div><div>May 2 09:34:50 04[TLS] <winCert|2> TLS_DHE_RSA_WITH_AES_128_CBC_SHA</div><div>May 2 09:34:50 04[TLS] <winCert|2> TLS_RSA_WITH_AES_256_GCM_SHA384</div><div>May 2 09:34:50 04[TLS] <winCert|2> TLS_RSA_WITH_AES_128_GCM_SHA256</div><div>May 2 09:34:50 04[TLS] <winCert|2> TLS_RSA_WITH_AES_256_CBC_SHA256</div><div>May 2 09:34:50 04[TLS] <winCert|2> TLS_RSA_WITH_AES_128_CBC_SHA256</div><div>May 2 09:34:50 04[TLS] <winCert|2> TLS_RSA_WITH_AES_256_CBC_SHA</div><div>May 2 09:34:50 04[TLS] <winCert|2> TLS_RSA_WITH_AES_128_CBC_SHA</div><div>May 2 09:34:50 04[TLS] <winCert|2> TLS_RSA_WITH_3DES_EDE_CBC_SHA</div><div>May 2 09:34:50 04[TLS] <winCert|2> TLS_DHE_DSS_WITH_AES_256_CBC_SHA256</div><div>May 2 09:34:50 04[TLS] <winCert|2> TLS_DHE_DSS_WITH_AES_128_CBC_SHA256</div><div>May 2 09:34:50 04[TLS] <winCert|2> TLS_DHE_DSS_WITH_AES_256_CBC_SHA</div><div>May 2 09:34:50 04[TLS] <winCert|2> TLS_DHE_DSS_WITH_AES_128_CBC_SHA</div><div>May 2 09:34:50 04[TLS] <winCert|2> TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA</div><div>May 2 09:34:50 04[TLS] <winCert|2> TLS_RSA_WITH_RC4_128_SHA</div><div>May 2 09:34:50 04[TLS] <winCert|2> TLS_RSA_WITH_RC4_128_MD5</div><div>May 2 09:34:50 04[TLS] <winCert|2> negotiated TLS version TLS 1.2 with suite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</div><div>May 2 09:34:50 04[TLS] 
<winCert|2> sending TLS ServerHello handshake (38 bytes)</div><div>May 2 09:34:50 04[TLS] <winCert|2> sending TLS server certificate 'C=CN, O=EXAMPLE, CN=vpn.EXAMPLE.de'</div><div>May 2 09:34:50 04[TLS] <winCert|2> sending TLS Certificate handshake (853 bytes)</div><div>May 2 09:34:50 04[TLS] <winCert|2> selected ECDH group SECP256R1</div><div>May 2 09:34:50 04[TLS] <winCert|2> created signature with SHA256/RSA</div><div>May 2 09:34:50 04[TLS] <winCert|2> sending TLS ServerKeyExchange handshake (329 bytes)</div><div>May 2 09:34:50 04[TLS] <winCert|2> sending TLS cert request for 'C=CN, O=EXAMPLE, CN=EXAMPLE ca'</div><div>May 2 09:34:50 04[TLS] <winCert|2> sending TLS CertificateRequest handshake (87 bytes)</div><div>May 2 09:34:50 04[TLS] <winCert|2> sending TLS ServerHelloDone handshake (0 bytes)</div><div>May 2 09:34:50 04[TLS] <winCert|2> sending TLS Handshake record (1327 bytes)</div><div>May 2 09:34:50 04[TLS] <winCert|2> sending EAP_TLS first fragment (512 bytes)</div><div>May 2 09:34:50 01[TLS] <winCert|2> received EAP_TLS acknowledgement packet</div><div>May 2 09:34:50 01[TLS] <winCert|2> sending EAP_TLS further fragment (512 bytes)</div><div>May 2 09:34:50 15[TLS] <winCert|2> received EAP_TLS acknowledgement packet</div><div>May 2 09:34:50 15[TLS] <winCert|2> sending EAP_TLS final fragment (330 bytes)</div><div>May 2 09:34:50 13[TLS] <winCert|2> processing TLS Handshake record (1198 bytes)</div><div>May 2 09:34:50 13[TLS] <winCert|2> received TLS Certificate handshake (860 bytes)</div><div>May 2 09:34:50 13[TLS] <winCert|2> received TLS peer certificate 'C=CN, O=EXAMPLE, CN=client@vpn.EXAMPLE.de'</div><div>May 2 09:34:50 13[TLS] <winCert|2> received TLS ClientKeyExchange handshake (66 bytes)</div><div>May 2 09:34:50 13[TLS] <winCert|2> received TLS CertificateVerify handshake (260 bytes)</div><div>May 2 09:34:50 13[TLS] <winCert|2> no trusted certificate found for 'client@vpn.EXAMPLE.de' to verify TLS peer</div><div>May 2 09:34:50 13[TLS] <winCert|2> 
processing TLS ChangeCipherSpec record (1 bytes)</div><div>May 2 09:34:50 13[TLS] <winCert|2> processing TLS Handshake record (64 bytes)</div><div>May 2 09:34:50 13[TLS] <winCert|2> sending fatal TLS alert 'certificate unknown'</div><div>May 2 09:34:50 13[TLS] <winCert|2> sending TLS Alert record (2 bytes)</div><div>May 2 09:34:50 13[TLS] <winCert|2> sending EAP_TLS packet (17 bytes)</div><div>May 2 09:34:50 11[TLS] <winCert|2> received EAP_TLS acknowledgement packet</div><div>May 2 09:34:50 11[IKE] <winCert|2> EAP method EAP_TLS failed for peer 10.145.250.86</div><div>May 2 09:34:50 11[IKE] <winCert|2> IKE_SA winCert[2] state change: CONNECTING => DESTROYING</div><div><br></div><div>$ ipsec listall</div><div><br></div><div>List of X.509 End Entity Certificates:</div><div><br></div><div> altNames: vpn.EXAMPLE.de</div><div> subject: "C=CN, O=EXAMPLE, CN=vpn.EXAMPLE.de"</div><div> issuer: "C=CN, O=EXAMPLE, CN=EXAMPLE ca"</div><div> serial: 42:74:78:dc:fb:e6:20:e5</div><div> validity: not before Apr 26 13:34:15 2016, ok</div><div> not after Apr 26 13:34:15 2019, ok</div><div> pubkey: RSA 2048 bits, has private key</div><div> keyid: a3:59:05:59:8f:b5:72:33:4f:cd:3a:61:63:ef:ec:a1:f8:10:f7:85</div><div> subjkey: a9:c6:81:ee:06:02:5a:2c:4d:92:a1:4a:8a:be:c4:cd:29:e8:22:69</div><div> authkey: 8c:e9:ee:33:b5:8a:f7:11:88:b1:15:3f:0c:8f:4c:19:e6:28:f1:47</div><div><br></div><div>List of X.509 CA Certificates:</div><div><br></div><div> subject: "C=CN, O=EXAMPLE, CN=EXAMPLE ca"</div><div> issuer: "C=CN, O=EXAMPLE, CN=EXAMPLE ca"</div><div> serial: 00:cf:53:e9:6a:82:8e:08:da</div><div> validity: not before Apr 25 19:32:30 2016, ok</div><div> not after Apr 25 19:32:30 2019, ok</div><div> pubkey: RSA 2048 bits</div><div> keyid: 7e:7f:f2:cc:cd:6f:53:c3:01:15:06:46:16:cc:99:d8:09:7a:71:a1</div><div> subjkey: 8c:e9:ee:33:b5:8a:f7:11:88:b1:15:3f:0c:8f:4c:19:e6:28:f1:47</div><div> authkey: 8c:e9:ee:33:b5:8a:f7:11:88:b1:15:3f:0c:8f:4c:19:e6:28:f1:47</div><div><br></div><div>List of 
registered IKEv2 Algorithms:</div><div><br></div><div> encryption: AES_CBC[aes] 3DES_CBC[des] DES_CBC[des] DES_ECB[des] CAMELLIA_CBC[openssl] RC5_CBC[openssl]</div><div> IDEA_CBC[openssl] CAST_CBC[openssl] BLOWFISH_CBC[openssl] NULL[openssl] AES_CTR[ctr] CAMELLIA_CTR[ctr]</div><div> integrity: AES_XCBC_96[xcbc] CAMELLIA_XCBC_96[xcbc] HMAC_SHA1_96[hmac] HMAC_SHA1_128[hmac] HMAC_SHA1_160[hmac]</div><div> HMAC_SHA2_256_128[hmac] HMAC_SHA2_256_256[hmac] HMAC_MD5_96[hmac] HMAC_MD5_128[hmac]</div><div> HMAC_SHA2_384_192[hmac] HMAC_SHA2_384_384[hmac] HMAC_SHA2_512_256[hmac]</div><div> aead: AES_CCM_8[ccm] AES_CCM_12[ccm] AES_CCM_16[ccm] CAMELLIA_CCM_8[ccm] CAMELLIA_CCM_12[ccm]</div><div> CAMELLIA_CCM_16[ccm] AES_GCM_8[gcm] AES_GCM_12[gcm] AES_GCM_16[gcm]</div><div> hasher: HASH_SHA1[sha1] HASH_SHA224[sha2] HASH_SHA256[sha2] HASH_SHA384[sha2] HASH_SHA512[sha2] HASH_MD5[md5]</div><div> HASH_MD2[openssl] HASH_MD4[openssl]</div><div> prf: PRF_KEYED_SHA1[sha1] PRF_FIPS_SHA1_160[fips-prf] PRF_AES128_XCBC[xcbc] PRF_CAMELLIA128_XCBC[xcbc]</div><div> PRF_HMAC_SHA1[hmac] PRF_HMAC_SHA2_256[hmac] PRF_HMAC_MD5[hmac] PRF_HMAC_SHA2_384[hmac]</div><div> PRF_HMAC_SHA2_512[hmac]</div><div> dh-group: MODP_2048[openssl] MODP_2048_224[openssl] MODP_2048_256[openssl] MODP_1536[openssl] ECP_256[openssl]</div><div> ECP_384[openssl] ECP_521[openssl] ECP_224[openssl] ECP_192[openssl] MODP_3072[openssl] MODP_4096[openssl]</div><div> MODP_6144[openssl] MODP_8192[openssl] MODP_1024[openssl] MODP_1024_160[openssl] MODP_768[openssl]</div><div> MODP_CUSTOM[openssl]</div><div> random-gen: RNG_STRONG[random] RNG_TRUE[random]</div><div><br></div><div><br></div><div>My ipsec.conf:</div><div><br></div><div>config setup</div><div> charondebug="ike 2, knl 3, cfg 1, enc -1, lib -1"</div><div> charonstart=yes</div><div> plutostart=no</div><div> </div><div>conn %default</div><div> keyexchange=ikev2</div><div> dpdaction=clear</div><div> dpddelay=300s</div><div> rekey=no</div><div><br></div><div>conn 
winCert</div><div> left=%defaultroute</div><div> leftcert=vpn.server.cert.pem</div><div> leftauth=pubkey</div><div> leftsubnet=0.0.0.0/24</div><div> right=%any</div><div> rightauth=eap-tls</div><div> eap_identity=%identity</div><div> rightsendcert=never</div><div> rightsourceip=172.20.1.1/24</div><div> keyexchange=ikev2</div><div> auto=add</div><div><br></div><div><br></div><div> </div><div>Client Certificate:</div><div> Certificate:</div><div> Data:</div><div> Version: 3 (0x2)</div><div> Serial Number:</div><div> 16:9d:7d:a3:4e:fa:99:d8</div><div> Signature Algorithm: sha1WithRSAEncryption</div><div> Issuer: C=CN, O=EXAMPLE, CN=EXAMPLE ca</div><div> Validity</div><div> Not Before: Apr 29 12:21:38 2016 GMT</div><div> Not After : Apr 29 12:21:38 2019 GMT</div><div> Subject: C=CN, O=EXAMPLE, CN=client@vpn.EXAMPLE.de</div><div> Subject Public Key Info:</div><div> Public Key Algorithm: rsaEncryption</div><div> Public-Key: (2048 bit)</div><div> Modulus:</div><div> Exponent: 65537 (0x10001)</div><div> 
X509v3 extensions:</div><div> X509v3 Authority Key Identifier:</div><div> keyid:8C:33:48:94:BF:4B:B7:08:97:C9:99:A6:A8:F1:D0:4B:C0:89:4D:E5</div><div><br></div><div> X509v3 Subject Alternative Name:</div><div> DNS:vpn.EXAMPLE.de</div><div> X509v3 Extended Key Usage:</div><div> TLS Web Client Authentication</div><div> Signature Algorithm: sha1WithRSAEncryption</div><div><br></div><div><span class="Apple-tab-span" style="white-space:pre"> </span> </div><div>Server Certificate:</div><div>Certificate:</div><div> Data:</div><div> Version: 3 (0x2)</div><div> Serial Number:</div><div> 2a:27:5d:38:11:4a:d3:15</div><div> Signature Algorithm: sha1WithRSAEncryption</div><div> Issuer: C=CN, O=EXAMPLE, CN=EXAMPLE ca</div><div> Validity</div><div> Not Before: Apr 29 12:21:34 2016 GMT</div><div> Not After : Apr 29 12:21:34 2019 GMT</div><div> Subject: C=CN, O=EXAMPLE, CN=vpn.EXAMPLE.de</div><div> Subject Public Key Info:</div><div> Public Key Algorithm: rsaEncryption</div><div> Public-Key: (2048 bit)</div><div> Modulus:</div><div> Exponent: 65537 (0x10001)</div><div> X509v3 extensions:</div><div> X509v3 Authority Key Identifier:</div><div> keyid:8C:33:48:94:BF:4B:B7:08:97:C9:99:A6:A8:F1:D0:4B:C0:89:4D:E5</div><div><br></div><div> X509v3 Subject Alternative Name:</div><div> DNS:vpn.EXAMPLE.de</div><div> X509v3 Extended Key Usage:</div><div> TLS Web Server Authentication</div><div> Signature Algorithm: sha1WithRSAEncryption</div><div><br></div><div><span class="Apple-tab-span" style="white-space:pre"> </span> </div><div>CA Certificate:</div><div>Certificate:</div><div> Data:</div><div> Version: 3 (0x2)</div><div> Serial Number:</div><div> fc:f7:56:28:32:8e:88:55</div><div> Signature Algorithm: sha1WithRSAEncryption</div><div> Issuer: C=CN, O=EXAMPLE, CN=EXAMPLE ca</div><div> Validity</div><div> Not Before: Apr 29 12:21:31 2016 GMT</div><div> Not After : Apr 29 12:21:31 2019 GMT</div><div> Subject: C=CN, O=EXAMPLE, CN=EXAMPLE ca</div><div> Subject Public Key Info:</div><div> Public Key Algorithm: rsaEncryption</div><div> Public-Key: (2048 bit)</div><div> Modulus:</div><div> Exponent: 
65537 (0x10001)</div><div> X509v3 extensions:</div><div> X509v3 Basic Constraints: critical</div><div> CA:TRUE</div><div> X509v3 Key Usage: critical</div><div> Certificate Sign, CRL Sign</div><div> X509v3 Subject Key Identifier:</div><div> 8C:33:48:94:BF:4B:B7:08:97:C9:99:A6:A8:F1:D0:4B:C0:89:4D:E5</div><div> X509v3 Authority Key Identifier:</div><div> keyid:8C:33:48:94:BF:4B:B7:08:97:C9:99:A6:A8:F1:D0:4B:C0:89:4D:E5</div><div><br></div><div> Signature Algorithm: sha1WithRSAEncryption</div><div style="font-size: 12pt;"><br></div></div><div style="font-size: 12pt;"><br></div><div style="font-size: 12pt;">Thanks,<br>Arne</div><div><span style="font-size: 12pt;"><br></span></div><div><span style="font-size: 12pt;">Subject: Re: [strongSwan] Win7 and Window10Mobile: IKE authentication credentials are unacceptable</span><div>> To: arne.j.schmid@outlook.com; users@lists.strongswan.org<br>> From: tobias@strongswan.org<br>> Date: Fri, 29 Apr 2016 12:11:59 +0200<br>> <br>> Hi Arne,<br>> <br>> > Apr 28 20:09:50 12[IKE] <1> peer supports 
MOBIKE<br>> > Apr 28 20:09:50 12[IKE] <1> IKE_SA (unnamed)[1] state change: CONNECTING<br>> > => DESTROYING<br>> <br>> Looks like the daemon encountered an unrecoverable error, maybe while<br>> encoding the response message. Could leave the log levels for the two<br>> log groups you set to -1 at the default (which is 1) and try again so<br>> we'd see any error messages that might get logged while preparing the<br>> response.<br>> <br>> Regards,<br>> Tobias<br>> <br></div></div> </div></body>
</html>
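A check for the "no trusted certificate found" line in the charon.log above, as an added example that is not part of the original message or of strongSwan: it compares the client certificate's Authority Key Identifier with the `subjkey` of the CA certificates that `ipsec listall` reports as loaded, and tests whether the EAP identity appears as the certificate's subject DN or a subjectAltName. The function names are hypothetical, the inputs are excerpts of the output quoted in the message, and the identity rule (full DN or subjectAltName, not the CN alone) is an assumption about how the daemon matches identities.

```python
import re

# Excerpts of the output quoted in the message (values copied, indentation added).
IPSEC_LISTALL = """\
List of X.509 End Entity Certificates:

  subject:  "C=CN, O=EXAMPLE, CN=vpn.EXAMPLE.de"
  issuer:   "C=CN, O=EXAMPLE, CN=EXAMPLE ca"
  subjkey:   a9:c6:81:ee:06:02:5a:2c:4d:92:a1:4a:8a:be:c4:cd:29:e8:22:69
  authkey:   8c:e9:ee:33:b5:8a:f7:11:88:b1:15:3f:0c:8f:4c:19:e6:28:f1:47

List of X.509 CA Certificates:

  subject:  "C=CN, O=EXAMPLE, CN=EXAMPLE ca"
  issuer:   "C=CN, O=EXAMPLE, CN=EXAMPLE ca"
  subjkey:   8c:e9:ee:33:b5:8a:f7:11:88:b1:15:3f:0c:8f:4c:19:e6:28:f1:47
  authkey:   8c:e9:ee:33:b5:8a:f7:11:88:b1:15:3f:0c:8f:4c:19:e6:28:f1:47

List of registered IKEv2 Algorithms:
"""

CLIENT_CERT_TEXT = """\
        Issuer: C=CN, O=EXAMPLE, CN=EXAMPLE ca
        Subject: C=CN, O=EXAMPLE, CN=client@vpn.EXAMPLE.de
            X509v3 Authority Key Identifier:
                keyid:8C:33:48:94:BF:4B:B7:08:97:C9:99:A6:A8:F1:D0:4B:C0:89:4D:E5

            X509v3 Subject Alternative Name:
                DNS:vpn.EXAMPLE.de
"""

EAP_IDENTITY = "client@vpn.EXAMPLE.de"  # "received EAP identity" in charon.log


def norm(keyid):
    """Normalise a colon-separated key id for comparison."""
    return keyid.replace(":", "").strip().lower()


def loaded_ca_subjkeys(listall):
    """subjkey values from the 'List of X.509 CA Certificates' section only."""
    m = re.search(r"^List of X\.509 CA Certificates:\n(.*?)(?=^List of |\Z)",
                  listall, re.S | re.M)
    section = m.group(1) if m else ""
    return {norm(k) for k in
            re.findall(r"^\s*subjkey:\s*([0-9a-fA-F:]+)", section, re.M)}


def authority_keyid(cert_text):
    """Authority Key Identifier from `openssl x509 -text` output, or None."""
    m = re.search(r"Authority Key Identifier:\s*(?:keyid:)?\s*([0-9A-Fa-f:]+)",
                  cert_text)
    return norm(m.group(1)) if m else None


def cert_identities(cert_text):
    """Identities the certificate asserts: full subject DN plus subjectAltNames."""
    ids = set()
    m = re.search(r"^\s*Subject:\s*(.+)$", cert_text, re.M)
    if m:
        ids.add(m.group(1).strip())
    san = re.search(r"Subject Alternative Name:\s*\n\s*(.+)", cert_text)
    if san:
        for entry in san.group(1).split(","):
            if ":" in entry:
                ids.add(entry.split(":", 1)[1].strip())
    return ids


def diagnose(listall, cert_text, identity):
    """Return the reasons the peer certificate cannot be trusted for identity."""
    findings = []
    aki = authority_keyid(cert_text)
    if aki not in loaded_ca_subjkeys(listall):
        findings.append("issuer key %s is not among the loaded CA certificates" % aki)
    if identity not in cert_identities(cert_text):
        findings.append("identity %r is neither the subject DN nor a subjectAltName" % identity)
    return findings
```

Run on the excerpts, `diagnose(IPSEC_LISTALL, CLIENT_CERT_TEXT, EAP_IDENTITY)` returns both findings: the loaded CA's `subjkey` differs from the `keyid` in the client certificate, and the only subjectAltName is `DNS:vpn.EXAMPLE.de`.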