[strongSwan] IKEV2 Suite B ECDSA-384 certificates with Windows not working - IKEv2 Error 13806

Mark M mark076h at yahoo.com
Mon Jul 16 04:51:19 CEST 2012


I have successfully built a strongSwan gateway and can connect Linux clients to it using certificates with Suite B cryptographic algorithms. I am using ECDSA-384 machine certificates with ike=aes256-sha384-ecp384! in the ipsec.conf settings and keyexchange=ikev2. As I said, everything works great with Linux road warrior clients or host-host and site-to-site. Now I cannot get Windows clients to work. I keep getting the IKEv2 Error 13806 when I try to connect. I have tried Windows 7, 8, Server 2008, and Server 2012. If I use non Suite B encryption settings everything works fine, and the same certificates that don't work in Windows will work fine on a Linux client.

I found the older posts about the Windows 7 and Server 2008 Agile VPN clients not working with ECDSA certificates or only working with IKEv1, some kind of bug where it can't read or find the certificates, but this was going to change in Windows 8 and Server 2012. Has there been any progress made in getting this to work?

Any help would be greatly appreciated.
