[strongSwan] Windows 7 <-> strongswan constraints error

Martin Willi martin at strongswan.org
Tue Jul 29 14:20:46 CEST 2014


> "constraint check failed: peer not authenticated by CA 'C=GR, [...]

>    rightca="C=GR, [...]"
>    rightauth=eap-tls

Unfortunately, enforcing CA and other PKI constraints is currently not
supported with EAP(-TLS) authentication. It only works for direct IKE
certificate authentication.

For Windows clients, this means you'd have to use machine certificates
(or drop your CA constraint).



More information about the Users mailing list