[strongSwan] Windows 7 IKEv2 Error

Chris Arnold carnold at electrichendrix.com
Wed Jan 8 17:26:26 CET 2014


>>Can you provide full log from the connection attempt (from strongswan
>>side) and what is the error in the win7 client side?

From the strongswan server:
received packet: from 98.26.xxx.xxx[4500] to 192.168.1.18[4500]
06[ENC] parsed INFORMATIONAL request 9 [ D ]
06[IKE] received DELETE for IKE_SA teknerds[6]
06[IKE] deleting IKE_SA teknerds[6] between 192.168.1.18[C=CH, O=Edens Land Corp, CN=Edens Land Corp VPN]...98.26.xxx.xxx[C=CH, O=Tek-Nerds, CN=Tek-Nerds VPN]
06[IKE] IKE_SA deleted
06[ENC] generating INFORMATIONAL response 9 [ ]
06[NET] sending packet: from 192.168.1.18[4500] to 98.26.xx.xxx[4500]
12[NET] received packet: from 98.26.xx.xxx[48081] to 192.168.1.18[500]
12[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
12[IKE] 98.26.xxx.xxx is initiating an IKE_SA
12[IKE] local host is behind NAT, sending keep alives
12[IKE] remote host is behind NAT
12[IKE] sending cert request for "C=US, ST=NC, L=Durham, O=ELC, CN=Jarrod, E=email address"
12[IKE] sending cert request for "C=CH, O=Edens Land Corp, CN=Edens Land Corp CA"
12[IKE] sending cert request for "C=FI, O=Test, CN=Test CA"
12[IKE] sending cert request for "C=US, ST=North Carolina, L=Durham, O=Edens Land Corp, OU=ELC, CN=Jarrod, E=email address"
12[IKE] sending cert request for "C=CH, O=Edens Land Corp. CN=ELC RW VPN"
12[IKE] sending cert request for "C=US, ST=NC, L=Durham, O=Edens Land Corp, OU=ELC, CN=Jarrod, E=email address"
12[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
12[NET] sending packet: from 192.168.1.18[500] to 98.26.xxx.xxx[48081]
13[NET] received packet: from 98.26.xxx.xxx[32545] to 192.168.1.18[4500]
13[ENC] unknown attribute type INTERNAL_IP4_SERVER
13[ENC] parsed IKE_AUTH request 1 [ IDi CERT CERTREQ AUTH N(MOBIKE_SUP) CP SA TSi TSr ]
13[IKE] received cert request for unknown ca with keyid 0e:ac:82:60:40:56:27:97:e5:25:13:fc:2a:e1:0a:53:95:59:e4:a4
13[IKE] received cert request for unknown ca with keyid dd:bc:bd:86:9c:3f:07:ed:40:e3:1b:08:ef:ce:c4:d1:88:cd:3b:15
13[IKE] received cert request for unknown ca with keyid 4a:5c:75:22:aa:46:bf:a4:08:9d:39:97:4e:bd:b4:a3:60:f7:a0:1d
13[IKE] received cert request for unknown ca with keyid 01:f0:33:4c:1a:a1:d9:ee:5b:7b:a9:de:43:bc:02:7d:57:09:33:fb
13[IKE] received cert request for unknown ca with keyid 34:4f:30:2d:25:69:31:91:ea:f7:73:5c:ab:f5:86:8d:37:82:40:ec
13[IKE] received cert request for "C=US, ST=NC, L=Durham, O=ELC, CN=Jarrod, E=email address"

Apparently I did not give the charon log enough time to completely populate! Here is another part of the connection attempt:

received end entity cert "O=Chris VPN service, CN=client1"
13[CFG] looking for peer configs matching 192.168.1.18[%any]...98.26.xxx.xxx[O=Chris VPN service, CN=client1]
13[CFG] selected peer config 'rclientscerts'
13[CFG]   using certificate "O=Chris VPN service, CN=client1"
13[CFG]   using trusted ca certificate "C=US, ST=NC, L=Durham, O=ELC, CN=Jarrod, E=email address"
13[CFG] checking certificate status of "O=Chris VPN service, CN=client1"
13[CFG] certificate status is not available
13[CFG]   reached self-signed root ca with a path length of 0
13[IKE] authentication of 'O=Chris VPN service, CN=client1' with RSA signature successful
13[IKE] peer supports MOBIKE
13[IKE] no private key found for 'O=Chris VPN service, CN=24.211.xx.xx'
13[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
13[NET] sending packet: from 192.168.1.18[4500] to 98.26.xxx.xxx[32545]
07[NET] received packet: from 98.26.xxx.xxx[18891] to 192.168.1.18[500]
07[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
07[IKE] 98.26.xxx.xxx is initiating an IKE_SA
07[IKE] local host is behind NAT, sending keep alives
07[IKE] remote host is behind NAT
07[IKE] sending cert request for "C=US, ST=NC, L=Durham, O=ELC, CN=Jarrod, E=email"
07[IKE] sending cert request for "C=CH, O=Edens Land Corp, CN=Edens Land Corp CA"
07[IKE] sending cert request for "C=FI, O=Test, CN=Test CA"
07[IKE] sending cert request for "C=US, ST=North Carolina, L=Durham, O=Edens Land Corp, OU=ELC, CN=Jarrod, E=emaaail"
07[IKE] sending cert request for "C=CH, O=Edens Land Corp. CN=ELC RW VPN"
07[IKE] sending cert request for "C=US, ST=NC, L=Durham, O=Edens Land Corp, OU=ELC, CN=Jarrod, E=email"
07[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
07[NET] sending packet: from 192.168.1.18[500] to 98.26.xxx.xxx[18891]
08[NET] received packet: from 98.26.xxx.xxx[61309] to 192.168.1.18[4500]
08[ENC] unknown attribute type INTERNAL_IP4_SERVER
08[ENC] parsed IKE_AUTH request 1 [ IDi CERT CERTREQ AUTH N(MOBIKE_SUP) CP SA TSi TSr ]
08[IKE] received cert request for unknown ca with keyid 0e:ac:82:60:40:56:27:97:e5:25:13:fc:2a:e1:0a:53:95:59:e4:a4
08[IKE] received cert request for unknown ca with keyid dd:bc:bd:86:9c:3f:07:ed:40:e3:1b:08:ef:ce:c4:d1:88:cd:3b:15
08[IKE] received cert request for unknown ca with keyid 4a:5c:75:22:aa:46:bf:a4:08:9d:39:97:4e:bd:b4:a3:60:f7:a0:1d
08[IKE] received cert request for unknown ca with keyid 01:f0:33:4c:1a:a1:d9:ee:5b:7b:a9:de:43:bc:02:7d:57:09:33:fb
08[IKE] received cert request for unknown ca with keyid 34:4f:30:2d:25:69:31:91:ea:f7:73:5c:ab:f5:86:8d:37:82:40:ec
08[IKE] received cert request for "C=US, ST=NC, L=Durham, O=ELC, CN=Jarrod, E=email"
08[IKE] received end entity cert "O=Chris VPN service, CN=client1"

From the win 7 client:
error 13801 ike auth credentials unacceptable

In this "2nd" section I see:
no private key found for.....
I copied all regenerated certs to the strongswan server to the appropriate folder.
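
Added example, not part of the original post and not strongSwan code: a small triage script for charon logs in the format quoted above. It drops the `unknown ca with keyid` lines and, for each `N(AUTH_FAILED)` response, reports what the same worker thread logged just before it. The sample log is constructed (placeholder peer address and keyids), and grouping by the leading number assumes that prefix is the charon worker thread id.

```python
import re

# Constructed sample in the charon line format quoted in the post above;
# the peer address and the keyids are placeholders, not values from the page.
SAMPLE_LOG = """\
13[ENC] parsed IKE_AUTH request 1 [ IDi CERT CERTREQ AUTH N(MOBIKE_SUP) CP SA TSi TSr ]
13[IKE] received cert request for unknown ca with keyid 00:11:22:33
13[IKE] received cert request for unknown ca with keyid 44:55:66:77
13[IKE] received end entity cert "O=Chris VPN service, CN=client1"
13[CFG] selected peer config 'rclientscerts'
13[IKE] authentication of 'O=Chris VPN service, CN=client1' with RSA signature successful
07[NET] received packet: from 203.0.113.7[18891] to 192.168.1.18[500]
13[IKE] no private key found for 'O=Chris VPN service, CN=24.211.xx.xx'
13[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
"""

LINE_RE = re.compile(r"^(\d+)\[([A-Z]{3})\]\s+(.*)$")   # thread, subsystem, message
NOISE_RE = re.compile(r"^received cert request for unknown ca with keyid ")
FAIL_RE = re.compile(r"^generating IKE_AUTH response \d+ \[.*N\(AUTH_FAILED\).*\]$")
PEER_OK_RE = re.compile(r"^authentication of '.*' with .* successful$")
NO_KEY_RE = re.compile(r"^no private key found for '(.*)'$")


def triage(log_text, context=3):
    """Return one report per N(AUTH_FAILED) response found in a charon log."""
    history = {}    # thread id -> [(subsystem, message)] since the last failure
    reports = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # unprefixed or truncated line
        thread, subsys, msg = m.groups()
        if NOISE_RE.match(msg):
            continue                      # CERTREQ hashes for CAs unknown to this server
        if not FAIL_RE.match(msg):
            history.setdefault(thread, []).append((subsys, msg))
            continue
        prior = history.pop(thread, [])
        no_key = [NO_KEY_RE.match(t) for _, t in prior]
        reports.append({
            "thread": thread,
            "peer_authenticated": any(PEER_OK_RE.match(t) for _, t in prior),
            "local_key_missing_for": [k.group(1) for k in no_key if k],
            "context": prior[-context:],
        })
    return reports


if __name__ == "__main__":
    for report in triage(SAMPLE_LOG):
        print(report)
```

A report with `peer_authenticated` true and a non-empty `local_key_missing_for` separates a failure in the server's own authentication step from a rejected client certificate.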



