[strongSwan] ikev2 vpn using PKI auth with a Blackberry Z10
gawd0wns at hotmail.com
Thu Sep 5 04:03:28 CEST 2013
You are correct, I am using v4.5.2 on Debian linux (stable branch). It
is the most up to date version available in the stable branch. I took
your advice and upgraded it (to the next available version in the Debian
testing stream - v4.6.4), and my z10 connected to the sever without any
modification to the configs or certificates. Thanks for the tip!
looks like I can't communicate with the server at all from the z10, and
vice versa. I will try and work this out on my own when I have more
time. Let me know if you have any suggestions to improve my current
Thanks very much for your help!
> Date: Wed, 4 Sep 2013 08:58:35 +0200
> From: tobias at strongswan.org
> To: gawd0wns at hotmail.com
> CC: users at lists.strongswan.org
> Subject: Re: [strongSwan] ikev2 vpn using PKI auth with a Blackberry Z10
> You didn't write what strongSwan version you are using. But I suspect
> it's something like 4.5.2, certainly before 4.6.3 because this problem here
> > Sep 3 21:39:19 firebrand charon: 12[ENC] invalid X509 hash length (0)
> > in certreq
> > Sep 3 21:39:19 firebrand charon: 12[ENC] CERTIFICATE_REQUEST
> > verification failed
> > Sep 3 21:39:19 firebrand charon: 12[ENC] could not decrypt payloads
> > Sep 3 21:39:19 firebrand charon: 12[IKE] message verification failed
> should be fixed by , which was included in 4.6.3.
> Why the Z10 client sends an empty certificate request, which doesn't
> make much sense, is another question. Perhaps the CA certificate is not
> installed properly (or at all), or it always does that (bug?).
>  http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=4ef867f5
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users