[strongSwan] Anyone got strongSwan working with Aruba Networks (as a Aruba VIA client)?
Jerry Lundström
jerry.lundstrom at iis.se
Mon Apr 28 08:31:57 CEST 2014
Hi all,
With the upgrade to Ubuntu 14.04 using strongSwan 5.1.2 it looks like I
actually now are getting a connection... but it fails on the client side
due to a certification check:
negotiated TLS 1.0 using suite TLS_RSA_WITH_AES_128_CBC_SHA
server certificate does not match to '<user or VPN DN>'
sending fatal TLS alert 'access denied'
With aaa_identity set it says that the server certificate does not match
it and without it checks against the VPN DN I set, none match.
Can I enable some debug option to see what certificate it is receiving?
/Jerry
On mån, 2014-04-14 at 11:45 +0200, Jerry Lundström wrote:
> So I have been trying to get strongSwan to work with Aruba VPN and are
> stuck. The VPN is configured to take a client certificate and I have
> tried the rw-cert and rw-eap-tls-* test examples.
>
> conn %default
> ikelifetime=60m
> keylife=20m
> rekeymargin=3m
> keyingtries=1
> keyexchange=ikev2
>
> conn vpn
> left=%any
> leftcert=userCert.pem
> leftid=user at domain
> leftauth=eap
> leftfirewall=yes
> right=vpn.domain
> rightid="<VPN DN>"
> rightsubnet=10.1.0.0/16
> rightauth=pubkey
> auto=add
> ike=aes128-sha1-modp1024
> aaa_identity=user at domain
--
Jerry Lundström - Software Engineer
.SE - The Internet Infrastructure Foundation
http://www.iis.se/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 643 bytes
Desc: This is a digitally signed message part
URL: <http://lists.strongswan.org/pipermail/users/attachments/20140428/886709e8/attachment.pgp>
More information about the Users
mailing list