[strongSwan] [Strongswan] Authentication based on X.509 using DN identification has failed and getting errors

SaRaVanAn saravanan.nagarajan87 at gmail.com
Thu Nov 1 11:55:22 CET 2012


Hi Tobias,
   I have attached the decoded IKEv2 AUTH packet for your reference. It seems
the client is sending a valid identity payload with identification data to
strongSwan.
But strongSwan is showing the client identification information as NULL in the
logs and sending an authentication failure payload.

Please help me to solve this problem.

Regards,
Saravanan N
On Thu, Oct 4, 2012 at 5:33 PM, Tobias Brunner <tobias at strongswan.org> wrote:

> Hi,
>
> > Oct  1 14:42:26 localhost charon: 13[ENC] parsed IKE_AUTH request 1 [
> > IDi CERT CERTREQ AUTH SA TSi TSr ]
> > ...
> > Oct  1 14:42:26 localhost charon: 13[CFG] looking for peer configs
> > matching 35.0.0.2[%any]...35.0.0.1[]
>
> Your client seemed to have sent an empty IDi payload (seen as [] above),
> which will not match with the config where you configured
>
> > conn site-site
> >     ...
> >     rightid="C=CH, O=strongswan, CN=iss"
> >     ...
>
> What did you configure on the client?
>
> Regards,
> Tobias
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: IKEV2_decoded_packet.pcap
Type: application/octet-stream
Size: 3429 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20121101/7c0eaf91/attachment.obj>
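
An added example, not part of the original thread or of strongSwan's code: a small parser for a decrypted IKEv2 IDi/IDr payload (RFC 7296, section 3.5) that tells an empty identification field, the case logged as [] above, apart from a DER-encoded DN such as the configured rightid. The function names and the sample bytes are constructed for illustration; the bytes in a real capture sit inside the encrypted SK payload and must be decrypted first.

```python
import struct
# IKEv2 ID types (RFC 7296, section 3.5) and a few X.520 attribute OIDs (hex).
ID_TYPES = {1: "ID_IPV4_ADDR", 2: "ID_FQDN", 3: "ID_RFC822_ADDR",
            5: "ID_IPV6_ADDR", 9: "ID_DER_ASN1_DN", 11: "ID_KEY_ID"}
OIDS = {"550406": "C", "55040a": "O", "55040b": "OU", "550403": "CN"}

def read_tlv(buf, pos=0):
    """Read one DER TLV (definite length); return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low bits = length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def decode_dn(der):
    """Render a DER Name as 'C=.., O=..' (first attribute of each RDN only)."""
    tag, body, _ = read_tlv(der)
    if tag != 0x30:
        raise ValueError("DN is not a SEQUENCE")
    parts, pos = [], 0
    while pos < len(body):
        _, rdn, pos = read_tlv(body, pos)   # SET OF AttributeTypeAndValue
        _, atv, _ = read_tlv(rdn)           # SEQUENCE { type OID, value }
        _, oid, nxt = read_tlv(atv)
        _, val, _ = read_tlv(atv, nxt)
        parts.append(f"{OIDS.get(oid.hex(), oid.hex())}={val.decode('utf-8', 'replace')}")
    return ", ".join(parts)

def parse_id_payload(payload):
    """Parse a decrypted ID payload (generic header included) -> (type, value)."""
    if len(payload) < 8:
        raise ValueError("shorter than generic header + ID header")
    _next, _flags, length = struct.unpack("!BBH", payload[:4])
    if length != len(payload):
        raise ValueError("payload length field does not match buffer")
    id_type, data = payload[4], payload[8:]  # payload[5:8] is RESERVED
    name = ID_TYPES.get(id_type, f"unknown({id_type})")
    return name, (None if not data else decode_dn(data) if id_type == 9 else data)

# Constructed sample input below (not taken from the attached pcap).
def tlv(tag, value): return bytes([tag, len(value)]) + value

def sample_payload(pairs):
    dn = b"".join(tlv(0x31, tlv(0x30, tlv(0x06, bytes.fromhex(o)) + tlv(0x13, v.encode())))
                  for o, v in pairs)
    body = bytes([9, 0, 0, 0]) + (tlv(0x30, dn) if pairs else b"")
    return struct.pack("!BBH", 37, 0, 4 + len(body)) + body  # next payload 37 = CERT
```

A result of `("ID_DER_ASN1_DN", None)` means the peer sent the ID header with no identification data, which cannot match a `rightid` that names a DN.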
