[strongSwan] StrongSwan Windows 8 IKEv2 (Using Agile VPN Client) Problems with 32-Bit version of windows 8.

Paton, Andy andy.paton at hp.com
Wed Jul 24 11:10:39 CEST 2013 

All,



Just to update the thread and close this off, Microsoft have told me the patch that includes the fix for this issue. Frustratingly it isn’t publicly documented, however I have asked that they update the KB document to highlight this issue to make it easier for people to find in the future.


http://support.microsoft.com/kb/2785094
Windows 8 and Windows Server 2012 update rollup: January 2013

Download:
http://search.microsoft.com/en-us/DownloadResults.aspx?q=KB2785094



Thanks for your help in debugging this issue.


Andy Paton - Bsc. (Hons), MBCS
Innovation Engineer

andy.paton at hp.com<mailto:andy.paton at hp.com>

[HP]<http://www.hp.com/>


-----Original Message-----
From: Martin Willi [mailto:martin at strongswan.org]
Sent: 23 July 2013 14:10
To: Paton, Andy
Cc: users at lists.strongswan.org
Subject: Re: [strongSwan] StrongSwan Windows 8 IKEv2 (Using Agile VPN Client) Problems with 32-Bit version of windows 8.



Hi Andy,



> Win 8 x64 (Successful)

> looking for peer configs matching 10.1.0.2[%any]...10.1.0.1[C=EN,

> O=Corp, OU=Dev, CN=Client]



> Win 8 x86 (Unsucessful)

> looking for peer configs matching

> 10.1.0.2[%any]...10.1.0.1[192.168.211.128]



On x86, the client uses its (internal?) IP address to authenticate. This is not allowed, as strongSwan requires that the identity is contained in the certificate, either as subject or as subjectAltName.



I think this is the known regression coming with unpatched Windows 8

builds: the Agile VPN client uses a wrong identity.



This regression has been fixed by Microsoft using a hotfix. Have you double-checked that this box has all Windows updates installed?



Regards

Martin


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130724/1400e8b3/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 3690 bytes
Desc: image001.png
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130724/1400e8b3/attachment.png>

More information about the Users mailing list