[strongSwan] strongswan configuration/certificate error

badphoenix at gmx.li badphoenix at gmx.li
Mon Dec 10 14:34:34 CET 2012


hello at all,

i have a problem to configure strongswan on debian. strongswan should act as gateway for ios, android and win7. i have done my configuration with infos from the strongswan wiki and i generated the certificate with the information from the following site http://useranswer.com/answer/how-to-set-up-strongswan-or-openswan-for-pure-ipsec-with-iphone-client/.

at the moment i can only check the connection with win7 and android clients, but on win7 i get the error 13801. On android i get the error "[CFG]constraint check failed: identity 'myhost.mydomain.com' required". 

My certificate includes the information extendedKeyUsage = serverAuth, 1.3.6.1.5.5.8.2.2 and subjectAltName = DNS:myhost.mydomain.com

I searched a long time on the internet but i dont find any solution. Did anybody have a solution for my Problem? ?

my configuration at the moment:

# ipsec.conf - strongSwan IPsec configuration file

config setup
     plutostart=no

conn android
     left=%defaultroute
     leftcert=strongswanCert.pem
     leftsubnet=0.0.0.0/0
     right=%any
     rightsourceip=10.10.3.0/24
     keyexchange=ikev2
     auto=add

# ipsec.secrets
# This file holds shared secrets or RSA private keys for inter-Pluto
# authentication.  See ipsec_pluto(8) manpage, and HTML documentation.

# RSA private key for this host, authenticating it to any other host
# which knows the public part.  Suitable public keys, for ipsec.conf, DNS,
# or configuration of other implementations, can be extracted conveniently
# with "ipsec showhostkey".

# this file is managed with debconf and will contain the automatically created private key
: RSA strongswanKey.pem "password"





More information about the Users mailing list