[strongSwan] Cert question
gary.smith at holdstead.com
Thu Feb 24 20:04:24 CET 2011
> The error message
> : 15[IKE] received AUTHENTICATION_FAILED notify error
> means that the authentication failed on the remote side.
> Please check the logs of the peer.
I've sorted a few things on this end. It appears that TinyCA was putting the email address as the altName by default so there was no match. Anyway, that issue has been fixed.
I received an error on connect this time saying that it couldn't validate each others cert so I copied the left cert to the right machine, and vice versa and tweaked the .conf file to look like this:
Is this the correct way to handle the problem of finding the correct cert for the right (by explicitly adding it to the connection)?
I can ping both sides of the tunnel now (that is the local vpn internal IP) so I guess it's working.
More information about the Users