[strongSwan] [IKEv2] 13806 Error on windows 7 PN client. No previous solutions solved this issue.
Martin Willi
martin at strongswan.org
Wed Jan 25 09:57:47 CET 2012
Hello François,
> used as an IKEv2 IPsec/L2TP server
Windows supports L2TP/IPsec for a long time, but this setup uses IKEv1.
The new IKEv2 client in Windows 7 does plain IPsec, no L2TP tunneling is
involved.
So if you have Windows 7 Clients only, I highly recommend to use IKEv2
only.
> Despite this, my openssl certificate refuse to be selected in a relevant
> way by the W7 VPN client.
You'll need the "Server Authentication" Extended Key usage
(1.3.6.1.5.5.7.3.1) and the DNS name you configure in your Windows
connection profile as a subjectAltName in the certificate. See [1] for
details, [2] may be of help, too. If it doesn't work, you can try to
temporarily (!) disable extended checks as outlined in [1]. If it still
doesn't work, double check that your CA is installed correctly.
Regards
Martin
[1]http://wiki.strongswan.org/projects/strongswan/wiki/Win7CertReq
[2]http://blogs.technet.com/b/rrasblog/archive/2009/06/10/what-type-of-certificate-to-install-on-the-vpn-server.aspx
More information about the Users
mailing list