[strongSwan] Anyone got strongSwan working with Aruba Networks (as a Aruba VIA client)?

Jerry Lundström jerry.lundstrom at iis.se
Mon Apr 14 12:12:01 CEST 2014


Hi Martin,

Unfortunate the Aruba log is very poor and the errors does not give any
notion on what could be wrong.

On mån, 2014-04-14 at 11:50 +0200, Martin Willi wrote:
> The peer rejects authentication, but we can't see why on this end. Maybe
> the Aruba peer has more information about this failure in its log?

This gives ERR_IPSEC_NO_MAP.

> Seems that the peer does not respond to the EAP-TLS message. Again, the
> Aruba log might have information why it doesn't continue.

It's very unsure what fails here, we see an authentication error from
the radius but unsure what fails, if its the ID to certificate map or
the certificate itself.

Is there any way to get more debug information out of strongSwan for the
EAP-TLS authentication?

Also, if I do not specify an leftid the DN from the certificate is used
and it fails even faster. I have UTF-8 characters in my DN, has there
been problems with that in strongSwan before? My DN is not displayed
correctly in the terminal from the strongSwan output but everything
looks ok when checking the certificate with openssl x509.

-- 
Jerry Lundström - Software Engineer
.SE - The Internet Infrastructure Foundation
http://www.iis.se/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 660 bytes
Desc: This is a digitally signed message part
URL: <http://lists.strongswan.org/pipermail/users/attachments/20140414/1242c18d/attachment.pgp>


More information about the Users mailing list