[strongSwan] Error 13801 on Win 7 - with known good ca certificate
andy.paton at hp.com
Fri Aug 2 23:03:26 CEST 2013
So when I was trying tho the other week the two main causes were:
A) Certiicates not having SAN with DNS / IP.
B) Windows not loading certificate root of trust properly.
If you have the cert working I suggest checking the certificates on windows. Are they installed in machine Certs? When you inspect them can in validate the certificate chain?
On 2 Aug 2013, at 22:00, "Gregg Hughes" <ghughes at iscinternational.com<mailto:ghughes at iscinternational.com>> wrote:
Good afternoon, all!
I’m tracking down another problem on my VPN, this one arising from two Win7 connections.
The client machine is a Windows 7 Professional that is connecting via EAP-MSCHAPV2. I have imported the self-signed certificate as shown on the documentation. This certificate works for my test Win7 machine, so it’s known good and conforms to the needs of Win 7 as per http://wiki.strongswan.org/projects/strongswan/wiki/Win7CertReq.
The ipsec.conf is below.
# ipsec.conf - strongSwan1 IPsec configuration file
# basic configuration
# 7/18 set up for rw-cert
# Add connections here.
lefthostaccess = yes
The rw-eap-bluemound connection works with a Win7 virtual machine inside the network. The connection looks good – from syslog: Aug 2 15:42:14 vpn1 charon: 09[NET] sending packet: from 192.168.1.102 to 192.168.200.251 – but then the 13801 error pups up and the server does this: Aug 2 15:42:44 vpn1 charon: 11[JOB] deleting half open IKE_SA after timeout.
As I indicated, the certificate works with another Win 7 client, and I can make a successful connection.
What other possible blocks can lead to this Windows 13801 error that come up in Strongswan?
Thanks to all for looking at this!
Users mailing list
Users at lists.strongswan.org<mailto:Users at lists.strongswan.org>
More information about the Users