[strongSwan] StrongSwan Windows 8 IKEv2 (Using Agile VPN Client) Problems with 32-Bit version of windows 8.

Paton, Andy andy.paton at hp.com
Wed Jul 24 11:10:39 CEST 2013


Just to update the thread and close this off, Microsoft have told me the patch that includes the fix for this issue. Frustratingly it isn’t publicly documented, however I have asked that they update the KB document to highlight this issue to make it easier for people to find in the future.

Windows 8 and Windows Server 2012 update rollup: January 2013


Thanks for your help in debugging this issue.

Andy Paton - Bsc. (Hons), MBCS
Innovation Engineer

andy.paton at hp.com<mailto:andy.paton at hp.com>


-----Original Message-----
From: Martin Willi [mailto:martin at strongswan.org]
Sent: 23 July 2013 14:10
To: Paton, Andy
Cc: users at lists.strongswan.org
Subject: Re: [strongSwan] StrongSwan Windows 8 IKEv2 (Using Agile VPN Client) Problems with 32-Bit version of windows 8.

Hi Andy,

> Win 8 x64 (Successful)

> looking for peer configs matching[%any]...[C=EN,

> O=Corp, OU=Dev, CN=Client]

> Win 8 x86 (Unsucessful)

> looking for peer configs matching


On x86, the client uses its (internal?) IP address to authenticate. This is not allowed, as strongSwan requires that the identity is contained in the certificate, either as subject or as subjectAltName.

I think this is the known regression coming with unpatched Windows 8

builds: the Agile VPN client uses a wrong identity.

This regression has been fixed by Microsoft using a hotfix. Have you double-checked that this box has all Windows updates installed?



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130724/1400e8b3/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 3690 bytes
Desc: image001.png
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130724/1400e8b3/attachment.png>

More information about the Users mailing list