[strongSwan] eap-mschapv2 is just working with one Windows 7

Martin Willi martin at strongswan.org
Mon Aug 27 10:55:20 CEST 2012


Hi Hamid,

> and the common error is :  " ike authentication credentials are
> unacceptable" 

> sending end entity cert "C=..."
> generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]

Most likely the client does not accept the certificate the server is
sending. Make sure that:
      * the certificate is trusted by the client (i.e. the CA
        certificate is installed in the "Machine" certificate store)
      * the server certificate contains the serverAuth extendedKeyUsage
        flag
      * the hostname entered in your Windows 7 connection is contained
        in the certificate as subjectAltName.

Have a look at [1] for the details of these requirements.

Regards
Martin

[1]http://wiki.strongswan.org/projects/strongswan/wiki/Win7CertReq






More information about the Users mailing list