<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Just updated strongSwan from 5.6.2 to 5.6.3 and now the certificate auth doesn’t work from Windows 10 (OSX works) with an IKE error.<div class=""><br class=""></div><div class=""><b class="">IKE authentication credentials are unacceptable. The error code returned on failure is 13801.</b></div><div class=""><br class=""></div><div class="">The certificates are created as follows</div><div class=""><br class=""></div><div class=""><div class=""><b class="">openssl req -new -newkey rsa:4096 -sha384 -nodes \</b></div><div class=""><b class="">-subj "/CN=vpnuser" \</b></div><div class=""><b class="">-keyout private/vpnuser.key -out requests/vpnuser.csr</b></div><div class=""><b class=""><br class=""></b></div><div class=""><b class="">openssl ca -config openssl.cnf -create_serial -days 395 \</b></div><div class=""><b class="">-keyfile private/ca.key -cert ca.crt -passin pass:"${CAKEYPSWD}" \</b></div><div class=""><b class="">-in requests/vpnuser.csr -notext \</b></div><div class=""><b class="">-extfile <(cat <<EOF</b></div><div class=""><b class="">basicConstraints = CA:false</b></div><div class=""><b class="">subjectKeyIdentifier = hash</b></div><div class=""><b class="">authorityKeyIdentifier = keyid,issuer</b></div><div class=""><b class="">authorityInfoAccess = OCSP;URI:<a href="http://127.0.0.1:2560" class="">http://127.0.0.1:2560</a></b></div><div class=""><b class="">keyUsage=digitalSignature, nonRepudiation</b></div><div class=""><b class="">extendedKeyUsage = clientAuth</b></div><div class=""><b class="">subjectAltName = DNS:vpnuser</b></div><div class=""><b class="">EOF</b></div><div class=""><b class="">)</b></div></div><div class=""><b class=""><br class=""></b></div><div class=""><b class=""><br class=""></b></div><div class="">Looking at the changleLog, there isn’t any obvious reason… <a href="https://wiki.strongswan.org/projects/strongswan/wiki/Changelog56" class="">https://wiki.strongswan.org/projects/strongswan/wiki/Changelog56</a></div><div class=""><br class=""></div><div class="">Any ideas?</div><div class=""><br class=""></div><div class="">C</div></body></html>