[strongSwan] Anyone got strongSwan working with Aruba Networks (as a Aruba VIA client)?

Jerry Lundström jerry.lundstrom at iis.se
Mon Apr 28 08:31:57 CEST 2014

Hi all,

With the upgrade to Ubuntu 14.04 using strongSwan 5.1.2 it looks like I
actually now are getting a connection... but it fails on the client side
due to a certification check:

negotiated TLS 1.0 using suite TLS_RSA_WITH_AES_128_CBC_SHA
server certificate does not match to '<user or VPN DN>'
sending fatal TLS alert 'access denied'

With aaa_identity set it says that the server certificate does not match
it and without it checks against the VPN DN I set, none match.

Can I enable some debug option to see what certificate it is receiving?


On mån, 2014-04-14 at 11:45 +0200, Jerry Lundström wrote:
> So I have been trying to get strongSwan to work with Aruba VPN and are
> stuck. The VPN is configured to take a client certificate and I have
> tried the rw-cert and rw-eap-tls-* test examples.
> conn %default
> 	ikelifetime=60m
> 	keylife=20m
> 	rekeymargin=3m
> 	keyingtries=1
> 	keyexchange=ikev2
> conn vpn
> 	left=%any
> 	leftcert=userCert.pem
> 	leftid=user at domain
> 	leftauth=eap
> 	leftfirewall=yes
> 	right=vpn.domain
> 	rightid="<VPN DN>"
> 	rightsubnet=
> 	rightauth=pubkey
> 	auto=add
> 	ike=aes128-sha1-modp1024
> 	aaa_identity=user at domain

Jerry Lundström - Software Engineer
.SE - The Internet Infrastructure Foundation

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 643 bytes
Desc: This is a digitally signed message part
URL: <http://lists.strongswan.org/pipermail/users/attachments/20140428/886709e8/attachment.pgp>

More information about the Users mailing list