[strongSwan] Cert question
Gary Smith
gary.smith at holdstead.com
Thu Feb 24 20:04:24 CET 2011
> The error message
>
> : 15[IKE] received AUTHENTICATION_FAILED notify error
>
> means that the authentication failed on the remote side.
> Please check the logs of the peer.
>
> Andreas
Andreas,
I've sorted a few things on this end. It appears that TinyCA was putting the email address as the altName by default so there was no match. Anyway, that issue has been fixed.
I received an error on connect this time saying that it couldn't validate each other's cert, so I copied the left cert to the right machine, and vice versa, and tweaked the .conf file to look like this:
conn fre-lin
    left=x.x.x.x
    leftcert=left-cert.pem
    leftid=@left
    leftsubnet=leftlocal/21
    leftfirewall=yes
    right=y.y.y.y
    rightcert=right-cert.pem
    rightid=@right
    rightsubnet=rightlocal/21
    auto=add
Is this the correct way to handle the problem of finding the correct cert for the right (by explicitly adding it to the connection)?
I can ping both sides of the tunnel now (that is, the local VPN internal IP), so I guess it's working.
Gary Smith
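
Added example, not part of the original message or of strongSwan: a pre-flight check for the mismatch described above, where the certificate carries only an email subjectAltName while the connection uses leftid=@left. It parses constructed excerpts of `openssl x509 -noout -text` output; the function names, sample values and the simplified ID rules ('@name' as a DNS name, 'user@host' as an email address, compared case-insensitively) are assumptions.

```python
import re

# Constructed excerpts of `openssl x509 -noout -text` output (not from the thread).
TINYCA_STYLE = """\
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                email:admin@example.org
"""
FIXED = """\
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:left, email:admin@example.org
"""


def parse_sans(openssl_text):
    """Return [(type, value), ...] from the Subject Alternative Name entry."""
    m = re.search(r"X509v3 Subject Alternative Name:[^\n]*\n\s*([^\n]+)",
                  openssl_text)
    if not m:
        return []
    sans = []
    for item in m.group(1).split(","):
        kind, sep, value = item.strip().partition(":")
        if sep:
            sans.append((kind, value))
    return sans


def id_to_san(conf_id):
    """Map a leftid/rightid string to the SAN entry it has to match.

    Simplified model (assumption): only '@fqdn' and 'user@host' are handled.
    IDs given as a distinguished name match the certificate subject instead
    and are out of scope here.
    """
    if conf_id.startswith("@"):
        return ("DNS", conf_id[1:])
    if "@" in conf_id:
        return ("email", conf_id)
    raise ValueError("ID form not covered by this sketch: %r" % conf_id)


def id_confirmed_by_cert(conf_id, openssl_text):
    """True if the configured ID appears as a SAN of the matching type."""
    kind, value = id_to_san(conf_id)
    return any(k == kind and v.lower() == value.lower()
               for k, v in parse_sans(openssl_text))
```
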