[strongSwan] [IKEv2] 13806 Error on windows 7 PN client. No previous solutions solved this issue.

Martin Willi martin at strongswan.org
Wed Jan 25 09:57:47 CET 2012

Hello François,

> used as an IKEv2 IPsec/L2TP server

Windows supports L2TP/IPsec for a long time, but this setup uses IKEv1.
The new IKEv2 client in Windows 7 does plain IPsec, no L2TP tunneling is

So if you have Windows 7 Clients only, I highly recommend to use IKEv2

> Despite this, my openssl certificate refuse to be selected in a relevant 
> way by the W7 VPN client.

You'll need the "Server Authentication" Extended Key usage
( and the DNS name you configure in your Windows
connection profile as a subjectAltName in the certificate. See [1] for
details, [2] may be of help, too. If it doesn't work, you can try to
temporarily (!) disable extended checks as outlined in [1]. If it still
doesn't work, double check that your CA is installed correctly.



More information about the Users mailing list