[strongSwan] StrongSwan Windows 8 IKEv2 (Using Agile VPN Client) Problems with 32-Bit version of windows 8.

Martin Willi martin at strongswan.org
Tue Jul 23 15:09:33 CEST 2013


Hi Andy,

> Win 8 x64 (Successful)
> looking for peer configs matching 10.1.0.2[%any]...10.1.0.1[C=EN, O=Corp, OU=Dev, CN=Client]

> Win 8 x86 (Unsucessful)
> looking for peer configs matching 10.1.0.2[%any]...10.1.0.1[192.168.211.128]

On x86, the client uses its (internal?) IP address to authenticate. This
is not allowed, as strongSwan requires that the identity is contained in
the certificate, either as subject or as subjectAltName.

I think this is the known regression coming with unpatched Windows 8
builds: the Agile VPN client uses a wrong identity.

This regression has been fixed by Microsoft using a hotfix. Have you
double-checked that this box has all Windows updates installed? 

Regards
Martin





More information about the Users mailing list