[strongSwan] Small Problems with 5.2
Martin Willi
martin at strongswan.org
Tue Jul 15 11:24:04 CEST 2014
Dirk,

> was there a change in 5.2 about charon asking for the certificate of
> the peer? I can establish a connection when I add leftsendcert=yes to
> the configuration of my roadwarrior.

None that I'm aware of. leftsendcert=ifasked was the policy ever since.

> If I don't add it I get a connection with 5.1.3 but on 5.2 I get:
> [IKE] no trusted RSA public key found for 'C=DE, O=xxxx'
> in the log of the server.

As the default policy is "ifasked", this most likely implies that your
server does not send a certificate request. By default certificate
requests are sent; what is your rightsendcert setting on the server?

charon logs the certificates and certificate requests sent/received
during the exchange, that should help in analyzing what is missing.

Regards
Martin
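
Added example, not part of the original message and not strongSwan project code: a small Python triage of a server-side charon log excerpt that separates "no certificate request was sent" from "a request was sent but no certificate came back". The cert request / end entity cert message wording is an assumption about charon's [IKE] log lines, and both log excerpts are constructed samples.

```python
import re

# Message fragments to look for; the cert/certreq wording is assumed charon output.
EVENTS = {
    "certreq_sent": re.compile(r'sending cert request for "([^"]+)"'),
    "certreq_rcvd": re.compile(r'received cert request for "([^"]+)"'),
    "cert_sent": re.compile(r'sending end entity cert "([^"]+)"'),
    "cert_rcvd": re.compile(r'received end entity cert "([^"]+)"'),
    "no_key": re.compile(r"no trusted \w+ public key found for '([^']+)'"),
}

# Constructed sample: server log for the failing roadwarrior connection.
FAILING_LOG = """\
Jul 15 10:58:01 gw charon: 07[IKE] 192.0.2.10 is initiating an IKE_SA
Jul 15 10:58:01 gw charon: 09[IKE] no trusted RSA public key found for 'C=DE, O=xxxx'
"""

# Constructed sample: server log where the request and the certificate both appear.
WORKING_LOG = """\
Jul 15 11:02:44 gw charon: 07[IKE] sending cert request for "C=DE, O=xxxx, CN=Example CA"
Jul 15 11:02:44 gw charon: 09[IKE] received end entity cert "C=DE, O=xxxx, CN=roadwarrior"
"""

def summarize(log_text):
    """Collect the subject or identity named in each certificate-related line."""
    found = {name: [] for name in EVENTS}
    for line in log_text.splitlines():
        for name, pattern in EVENTS.items():
            match = pattern.search(line)
            if match:
                found[name].append(match.group(1))
    return found

def diagnose(found):
    """Classify a server-side excerpt by which certificate payload is missing."""
    if not found["no_key"]:
        return "ok"
    if found["cert_rcvd"]:
        return "cert-received-but-untrusted"
    if not found["certreq_sent"]:
        # A peer with sendcert=ifasked sends nothing when it is not asked.
        return "no-certreq-sent"
    return "certreq-sent-no-cert-received"

if __name__ == "__main__":
    for label, log in (("failing", FAILING_LOG), ("working", WORKING_LOG)):
        print(label, diagnose(summarize(log)))
```
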