[strongSwan] [Windows 8 / IKEv2] Can't connect windows 8 client
François Lacombe
francois.lacombe at infos-reseaux.com
Sat Sep 22 15:41:28 CEST 2012
Hi folks,
Last week i tryed to connect to my IKEv2/IPsec VPN with a new computer
running Windows 8 x64 RTM.
Surprisingly, it didn't manage to setup an authentication due to some
IKEv2 error (although it works well on my Windows 7 clients simultaneously).
After some analyse of my logs, I noticed a little detail which seems to
have some importance : Windows isn't sending the right information to
identify the client.
Look:
Running windows 8 :
Sep 10 23:08:38 cerbere charon: 12[IKE] received end entity cert "C=FR,
ST=IDF, O=STC Systems, OU=DSI, CN=MY_CN"
Sep 10 23:08:38 cerbere charon: 12[CFG] looking for peer configs
matching PUBLIC_SERVER_IP[%any]...PUBLIC_CLIENT_IP[172.22.205.45]
Running windows 7 :
Sep 10 22:52:48 cerbere charon: 13[IKE] received end entity cert "C=FR,
ST=IDF, O=STC Systems, OU=DSI, CN=MY_CN, E=MY_MAIL"
Sep 10 22:52:48 cerbere charon: 13[CFG] looking for peer configs
matching PUBLIC_SERVER_IP[%any]...PUBLIC_CLIENT_IP[C=FR, ST=IDF, O=STC
Systems, OU=DSI, CN=MY_CN, E=MY_MAIL]
Even if my certs are correctly installed on the client, windows is still
sending a private IP adress to the server instead of the client cert
signature. Why?
I think it's a windows "bug" but i'm more confident in fiding a
strongswan's way to get rid of it than waiting for a Microsoft update.
Or maybe there's a simple trick around there to make it works.
I'm running Stringswan 4.6.2 Charon. I plan to upgrade it to 5.0 when it
will be fully available as a Debian packet.
Will someone have information about this problem?
Thanks in advance, regards.
--
*François Lacombe*
francois dot lacombe At infos-reseaux dot com
<mailto:%66%72%61%6E%63%6F%69%73%2E%6C%61%63%6F%6D%62%65%40%69%6E%66%6F%73%2D%72%65%73%65%61%75%78%2E%63%6F%6D>
http://www.infos-reseaux.com
More information about the Users
mailing list