[strongSwan] strongswan configuration/certificate error
badphoenix at gmx.li
badphoenix at gmx.li
Mon Dec 10 14:34:34 CET 2012
hello at all,
i have a problem to configure strongswan on debian. strongswan should act as gateway for ios, android and win7. i have done my configuration with infos from the strongswan wiki and i generated the certificate with the information from the following site http://useranswer.com/answer/how-to-set-up-strongswan-or-openswan-for-pure-ipsec-with-iphone-client/.
at the moment i can only check the connection with win7 and android clients, but on win7 i get the error 13801. On android i get the error "[CFG]constraint check failed: identity 'myhost.mydomain.com' required".
My certificate includes the information extendedKeyUsage = serverAuth, 1.3.6.1.5.5.8.2.2 and subjectAltName = DNS:myhost.mydomain.com
I searched a long time on the internet but i dont find any solution. Did anybody have a solution for my Problem? ?
my configuration at the moment:
# ipsec.conf - strongSwan IPsec configuration file
config setup
plutostart=no
conn android
left=%defaultroute
leftcert=strongswanCert.pem
leftsubnet=0.0.0.0/0
right=%any
rightsourceip=10.10.3.0/24
keyexchange=ikev2
auto=add
# ipsec.secrets
# This file holds shared secrets or RSA private keys for inter-Pluto
# authentication. See ipsec_pluto(8) manpage, and HTML documentation.
# RSA private key for this host, authenticating it to any other host
# which knows the public part. Suitable public keys, for ipsec.conf, DNS,
# or configuration of other implementations, can be extracted conveniently
# with "ipsec showhostkey".
# this file is managed with debconf and will contain the automatically created private key
: RSA strongswanKey.pem "password"
More information about the Users
mailing list