[strongSwan] Windows 7 IKEv2 Error 13806

Tiebing Zhang tzhang at advistatech.com
Fri May 18 23:37:41 CEST 2012


Andreas,

Finally I got my setup to work. The problem is (I think) the
CN (Common Name) and SAN (Subject Alternative Name) for the Windows 7
certificates. I was using "win7" or "win71". This time I used
"win7.mycompany.local" on both CN and SAN, and it made a difference. I
am going to experiment with different combinations and see what the
bare minimum requirements are.

Another issue I ran into after the certificate problem was solved was
NAT. My Windows 7 was running in a VirtualBox virtual machine, which ran
NAT to the network where strongSwan was. Apparently in that setup
Windows 7 could not finish the IKEv2 negotiation. It did start sending
and receiving packets from strongSwan, but when strongSwan sent Windows
7 the final IKE Auth 1 packet, Windows 7 seemed to have either missed it
or not been able to interpret it, so it continued to send the previous
packet to strongSwan and strongSwan just kept retransmitting the last
packet. Eventually Windows 7 timed out.

When I changed the VirtualBox network setting from NAT to Bridge, 
Windows 7 was able to finish the setup and establish the SA. Not sure 
why, since IKEv2 is supposed to be compatible with NAT, right?

I will probably follow up with a blog with more details.

Thanks for your help.  Words cannot express my gratitude.

Best regards,

Tiebing
