[strongSwan] ikev2 vpn using PKI auth with a Blackberry Z10
Tobias Brunner
tobias at strongswan.org
Wed Sep 4 08:58:35 CEST 2013
Hi,
You didn't write what strongSwan version you are using. But I suspect
it's something like 4.5.2, certainly before 4.6.3 because this problem here
> Sep 3 21:39:19 firebrand charon: 12[ENC] invalid X509 hash length (0)
> in certreq
> Sep 3 21:39:19 firebrand charon: 12[ENC] CERTIFICATE_REQUEST
> verification failed
> Sep 3 21:39:19 firebrand charon: 12[ENC] could not decrypt payloads
> Sep 3 21:39:19 firebrand charon: 12[IKE] message verification failed
should be fixed by [1], which was included in 4.6.3.
Why the Z10 client sends an empty certificate request, which doesn't
make much sense, is another question. Perhaps the CA certificate is not
installed properly (or at all), or it always does that (bug?).
Regards,
Tobias
[1] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=4ef867f5
More information about the Users
mailing list