[strongSwan] Android (normal client) + L2TP/IPSEC and certificates
Michael Holstein
michael.holstein at csuohio.edu
Thu Nov 11 18:17:39 CET 2010
ipsec.conf
(rw)
    authby=rsasig
    pfs=no
    keyingtries=1
    rekey=no
    ikelifetime=8h
    keylife=1h
    left=my.ip.address
    leftprotoport=17/1701
    right=%any
    rightid=@FQDN_BASE_OF_CERTS
Certificates of the TinyCA generated CA, CRL, server key, server crt,
client key and client crt are all in the appropriate places.
With plutodebug=parsing enabled, I get the following upon connection in
/var/log/auth.log
(bunch of stuff..)
L2 - issuer:
C=stuff, CN=FQDN_OF_CERTS, E=ROOT at FQDN_BASE_OF_CERTS'
and ..
C=stuff CN=MY_ID at FQDN_OF_SERVER, E=SubjectAltName
So I *know* the client is sending it .. and the parser is finding it ..
but for whatever reason, this appears next :
Public key validated
"rw"[1] IP_OF_CLIENT #2: no RSA public key known for 'IP_OF_CLIENT'
"rw"[1] IP_OF_CLIENT #2: sending encrypted notification INVALID_KEY_INFORMATION to IP_OF_CLIENT:500
Question is .. why is StrongSwan identifying the peer by ID_IPV4 when
the certificate is being sent and parsed?
Thanks,
Michael Holstein
Cleveland State University
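An added illustration of what that log sequence means (my own example, not code from the post or from the strongSwan project): pluto looks up the peer's RSA key under the identity the peer asserted in its ID payload, and a received certificate can only vouch for identities that appear in its subject DN or its subjectAltName extension. When the peer identifies itself by an IP address that the certificate does not carry, the certificate is parsed and validated but cannot be used for that ID, so pluto falls back to looking for a raw RSA key for the address and reports that none is known. The script below takes constructed log lines modelled on the ones quoted above and a constructed set of certificate identities, and reports the asserted ID type and whether the certificate carries it. All addresses and names are placeholders.

```python
import ipaddress
import re

# Constructed sample modelled on the auth.log lines quoted in the post
# (documentation address 198.51.100.23 stands in for IP_OF_CLIENT).
SAMPLE_LOG = """\
"rw"[1] 198.51.100.23 #2: Public key validated
"rw"[1] 198.51.100.23 #2: no RSA public key known for '198.51.100.23'
"rw"[1] 198.51.100.23 #2: sending encrypted notification INVALID_KEY_INFORMATION to 198.51.100.23:500
"""

# Identities carried by the client certificate, constructed to mirror the post:
# a subject DN and an rfc822Name subjectAltName, but no iPAddress entry.
SAMPLE_CERT_IDS = {
    "C=stuff, CN=MY_ID@FQDN_OF_SERVER, E=MY_ID@FQDN_OF_SERVER",  # subject DN
    "MY_ID@FQDN_OF_SERVER",                                      # subjectAltName
}

PEER_ID_RE = re.compile(r"no RSA public key known for '([^']+)'")
NOTIFY_RE = re.compile(r"sending encrypted notification (\S+)")


def classify_id(peer_id):
    """Map the textual form pluto prints to the IKEv1 ID type it received."""
    try:
        addr = ipaddress.ip_address(peer_id)
        return "ID_IPV4_ADDR" if isinstance(addr, ipaddress.IPv4Address) else "ID_IPV6_ADDR"
    except ValueError:
        pass
    if peer_id.startswith("@"):      # ipsec.conf spelling of a plain FQDN
        return "ID_FQDN"
    if "@" in peer_id:               # user@host form
        return "ID_USER_FQDN"
    if "=" in peer_id:               # a distinguished name
        return "ID_DER_ASN1_DN"
    return "ID_FQDN"


def diagnose(log_text, cert_identities):
    """Explain why pluto could not authenticate the peer from its certificate.

    cert_identities: the subject DN plus every subjectAltName of the received
    certificate, in the string forms pluto would print them.
    """
    peer_id = notification = None
    for line in log_text.splitlines():
        m = PEER_ID_RE.search(line)
        if m:
            peer_id = m.group(1)
        m = NOTIFY_RE.search(line)
        if m:
            notification = m.group(1)
    if peer_id is None:
        return {"problem": False}

    id_type = classify_id(peer_id)
    in_cert = peer_id in cert_identities
    if in_cert:
        hint = "certificate carries the asserted ID; look elsewhere (CA trust, CRL, key usage)"
    elif id_type in ("ID_IPV4_ADDR", "ID_IPV6_ADDR"):
        hint = ("peer asserted its address as ID but the certificate has no matching "
                "iPAddress subjectAltName, so the certificate cannot vouch for that ID")
    else:
        hint = "asserted ID is not among the certificate's subject DN or subjectAltNames"
    return {
        "problem": True,
        "peer_id": peer_id,
        "id_type": id_type,
        "id_in_certificate": in_cert,
        "notification": notification,
        "hint": hint,
    }


if __name__ == "__main__":
    for key, value in diagnose(SAMPLE_LOG, SAMPLE_CERT_IDS).items():
        print(f"{key}: {value}")
```

Running it against the constructed sample reports the peer ID as ID_IPV4_ADDR with id_in_certificate False, which is exactly the situation the quoted log describes: the certificate was received and parsed, but the identity it was checked against is the client's address rather than any name the certificate contains.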