[strongSwan] Error 13801 on Win 7 - with known good ca certificate

Gregg Hughes ghughes at iscinternational.com
Fri Aug 2 22:59:42 CEST 2013


Good afternoon, all!

I'm tracking down another problem on my VPN, this one arising from two Win7
connections.

The client machine is a Windows 7 Professional that is connecting via
EAP-MSCHAPV2.  I have imported the self-signed certificate as shown in the
documentation.  This certificate works for my test Win7 machine, so it's
known good and conforms to the needs of Win 7 as per
http://wiki.strongswan.org/projects/strongswan/wiki/Win7CertReq.

The ipsec.conf is below.

# ipsec.conf - strongSwan1 IPsec configuration file

# basic configuration
# 7/18 set up for rw-cert

config setup
        # plutodebug=all
        crlcheckinterval=180
        strictcrlpolicy=no
        # cachecrls=yes
        # nat_traversal=yes
        charonstart=yes
        plutostart=no

# Add connections here.

conn %default
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2

conn net-net
        left=192.168.1.102
        leftsubnet=192.168.0.0/16
        leftid=@vpn1.iscinternational.com
        leftfirewall=yes
        right=67.53.158.25
        rightsubnet=192.168.0.0/16
        rightid=@vpn2.iscinternational.com
        auto=add

conn rw-eap-bluemound
        left=192.168.1.102
        # leftsourceip=%config
        leftsubnet=192.168.0.0/16
        leftid=@vpn1.iscinternational.com
        leftcert=vpn1cert.pem
        leftauth=pubkey
        leftfirewall=yes
        lefthostaccess = yes
        right=%any
        rightauth=eap-mschapv2
        rightsendcert=never
        rightsourceip=%dhcp
        eap_identity=%any
        auto=add

The rw-eap-bluemound connection works with a Win7 virtual machine inside the
network.  The connection looks good - from syslog:  Aug  2 15:42:14 vpn1
charon: 09[NET] sending packet: from 192.168.1.102[4500] to
192.168.200.251[4500] - but then the 13801 error pops up and the server does
this:  Aug  2 15:42:44 vpn1 charon: 11[JOB] deleting half open IKE_SA after
timeout.

As I indicated, the certificate works with another Win 7 client, and I can
make a successful connection.

What other possible blocks can lead to this Windows 13801 error that come up
in strongSwan?

Thanks to all for looking at this!

Gregg

Gregg Hughes
IT Administrator
www.iscinternational.com