[strongSwan] Struggling with Windows 7 IkeV2 - Error 13806

Weber, Stefan (IT) s.weber at noerr.com
Mon May 23 15:59:41 CEST 2011


Dear all,

I would like to connect to strongSwan with Windows 7 using IKEv2 and a machine certificate. I followed the instructions in the strongSwan Wiki but couldn't get it to work. When trying to connect I receive an error 13806 telling me that Windows is not able to find a valid machine certificate.

What I did so far:

Imported my Root Certificate to the Computer Trusted Root Authorities.

Create a certificate for my Windows 7 machine with
KeyUsage digitalSignature and KeyEncipherment, ExtendedKeyUsage clientAuth, serverAuth
SubjectAlternateName set to the DNS:win7client.vpntest.local

Exported the cert+private key as pkcs12 and imported it to the Computer's Personal Certificate Store. Windows 7 tells me that the certificate is valid and trusted by my Root Certificate.

Create a certificate for my strongSwan Host with
KeyUsage digitalSignature and KeyEncipherment, ExtendedKeyUsage clientAuth, serverAuth
SubjectAlternateName set to the DNS:strongswan.vpntest.local

Set this certificate as leftcert in ipsec.conf
Configured its private key in ipsec.secrets.

DNS name resolution is working of course ;-)

I also tried with certificates including IKEIntermediate in extendedKeyUsage.

When starting strongSwan with --debug-all I see IKE sending a cert request, immediately followed by error 13806 on the Windows box.

I hope anybody can help me out or lead me in the right direction.

Thank you in advance,

Stefan





