[strongSwan] Android (normal client) + L2TP/IPSEC and certificates
andreas.steffen at strongswan.org
Thu Nov 11 18:44:17 CET 2010
It seems that the peer sends its IPv4 address as an identity,
which will not be accepted if it is not contained in the
On 11/11/2010 06:17 PM, Michael Holstein wrote:
> Certificates of the TinyCA generated CA, CRL, server key, server crt,
> client key and client crt are all in the appropriate places.
> With plutodebug=parsing enabled, I get the following upon connection
> (bunch of stuff..)
> L2 - issuer:
> C=stuff, CN=FQDN_OF_CERTS, E=ROOT at FQDN_BASE_OF_CERTS'
> and ..
> C=stuff CN=MY_ID at FQDN_OF_SERVER, E=SubjectAltName
> So I *know* the client is sending it .. and the parser is finding it ..
> but for whatever reason, this appears next :
> Public key validated
> "rw" IP_OF_CLIENT #2: no RSA public key known for 'IP_OF_CLIENT'
> "rw" IP_OF_CLIENT #2: sending encrypted notification
> INVALID_KEY_INFORMATION to IP_OF_CLIENT:500
> Question is .. why is StrongSwan identifying the peer by ID_IPV4 when
> the certificate is being sent and parsed?
> Michael Holstein
> Cleveland State University
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)