[strongSwan] Mac OS 10.10 Client to Linux Strongswan server HASH N(AUTH_FAILED) error

Jude Oliver judeo at blansys.com
Fri Apr 22 15:37:50 CEST 2016

Sorry I am not following, pretty new to this so please be patient and walk
me through this.
Keeping with left = local and right = remote.
The client (left) attempts to initiative an XAuth/RSA, passing its cert
(DN C=US, O=BSI, CN=judeo at blansys.com) even though my I have
leftauth2=xauth that is nor sufficient? Should I set left=xauth ?
And for rightid=, I should set this to the DN?
Thanks again for any insight.


Jude Oliver
1100 Poydras St. Suite 1230
New Orleans, LA 70163
Main Office: 504-529-8869
Joliver at blansys.com
www.blanchardsystems.com <http://www.blanchardsystems.com/>


Join Blanchard Systems

2016 Tips and Tricks Training Webinars

Check out the Blanchard Systems 2015 FREE monthly Tips & Tricks training
Click Here <http://www.blanchardsystems.com/events/> to view the schedule
and register for one of our upcoming events.

On 4/18/16, 10:23 AM, "Tobias Brunner" <tobias at strongswan.org> wrote:

>Hi Jude,
>> Any insights into what I am missing in my setup, my hope is that this is
>> just some simple newbie mistake I am doing.
>Try reading the log:
>> Apr 18 09:45:42 RH7Standard charon: 12[CFG] looking for XAuthInitRSA
>>peer configs matching[C=US, O=BSI,
>>CN=judeo at blansys.com]
>The client wants to initiate an XAuth/RSA connection (with its
>certificate's subject DN as identity).  However, your config specifies:
>>    leftauth=psk
>>    rightauth=psk
>>    rightauth2=xauth
>That is, you configured XAuth/PSK.  You also set:
>>    rightid=
>Which wouldn't match that subject DN even if the authentication methods
>were the same.
>You might want to have a look at [1].
>[1] https://wiki.strongswan.org/projects/strongswan/wiki/IOS_%28Apple%29

More information about the Users mailing list