[strongSwan] Struggling with Windows 7 IkeV2 - Error 13806
Weber, Stefan (IT)
s.weber at noerr.com
Mon May 23 15:59:41 CEST 2011
I would like to connect to strongSwan with Windows 7 using IKEv2 and a Machine Certificate. I followed the instructions in the strongSwan Wiki but couldn't get it to work. When trying to connect I receive an error 13806 telling me that Windows is not able to find a valid machine certificate.
What I did so far:
Imported my Root Certificate to the Computer Trusted Root Authorities.
Created a certificate for my Windows 7 machine with
  KeyUsage digitalSignature and KeyEncipherment, ExtendedKeyUsage clientAuth, serverAuth
  SubjectAlternateName set to the DNS:win7client.vpntest.local
Exported the cert+private key as pkcs12 and imported to the Computers - Personal Certificate Store. Windows 7 tells me that the certificate is valid and trusted by my Root Certificate.
Created a certificate for my strongSwan host with
  KeyUsage digitalSignature and KeyEncipherment, extendedKeyUsage clientAuth, serverAuth
  SubjectAltName set to the DNS:strongswan.vpntest.local
Set this certificate as leftcert in ipsec.conf.
Configured its private key in ipsec.secrets.
DNS name resolution is working of course ;-)
I also tried with certificates including IKEIntermediate in extendedKeyUsage.
When starting strongSwan with --debug-all I see IKE sending cert request immediately followed by error 13806 on the Windows box.
I hope anybody can help me out or lead me in the right direction.
Thank you in advance,
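
Added example, not part of the original post: the certificate profile described above (KeyUsage, ExtendedKeyUsage, DNS SubjectAltName, PKCS#12 export) reproduced with the OpenSSL command line against a throwaway CA, followed by a check that the issued certificate really carries those extensions. The function names, the test root's subject and the export passphrase are constructed for illustration; the script does not diagnose error 13806 itself.

```bash
#!/usr/bin/env bash
# Added example: throwaway CA and machine certificate; all values are constructed.
set -eu

# OpenSSL config with a CA profile and the machine profile listed in the post.
write_config() {
  cat > "$1" <<EOF
[req]
distinguished_name = dn
[dn]
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[machine]
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth, serverAuth
subjectAltName = DNS:$2
EOF
}

# issue_machine_cert DIR FQDN: writes ca.crt, host.key, host.crt, host.p12 to DIR.
issue_machine_cert() {
  dir=$1 fqdn=$2
  write_config "$dir/openssl.cnf" "$fqdn"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$dir/openssl.cnf" \
    -extensions v3_ca -subj "/CN=Constructed Test Root" \
    -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -config "$dir/openssl.cnf" \
    -subj "/CN=$fqdn" -keyout "$dir/host.key" -out "$dir/host.csr" 2>/dev/null
  openssl x509 -req -in "$dir/host.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 1 -extfile "$dir/openssl.cnf" -extensions machine \
    -out "$dir/host.crt" 2>/dev/null
  openssl pkcs12 -export -inkey "$dir/host.key" -in "$dir/host.crt" \
    -certfile "$dir/ca.crt" -passout pass:constructed -out "$dir/host.p12"
}

# check_profile CERT CA FQDN: succeeds only if the chain verifies against CA and
# every extension value named in the post is present in the certificate.
check_profile() {
  openssl verify -CAfile "$2" "$1" >/dev/null 2>&1 || return 1
  text=$(openssl x509 -in "$1" -noout -text)
  for want in "Digital Signature" "Key Encipherment" \
      "TLS Web Client Authentication" "TLS Web Server Authentication" "DNS:$3"; do
    printf '%s\n' "$text" | grep -qF -- "$want" || return 1
  done
}
# Usage: d=$(mktemp -d); issue_machine_cert "$d" win7client.vpntest.local
#        check_profile "$d/host.crt" "$d/ca.crt" win7client.vpntest.local
```

Running check_profile against the certificate actually imported into the Windows store (exported without its key) shows whether the extensions survived the way they were requested.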