[strongSwan] IKEv1 Pubkey Auth Fails from Windows to Linux

Detweiler, Quinn Quinn.Detweiler at unisys.com
Wed Feb 3 18:24:56 CET 2016

Hi Tobias,

>Certificates used by different hosts seem to use the same subject DN.
>Are these actually the same certificates/keys?

Yes.  I am using the same end-entity certificate/key on all of my test systems (Red Hat and Windows).

>Why would the Windows host send a certificate request for the end-entity
>certificate?  Seems like a misconfiguration (e.g. certificate in the
>wrong keystore).

I hadn't noticed this.  I was able to fix the Windows configuration so that the end-entity certificate is no longer requested; however, I am still getting the signature validation failed error.  New log attached.

In case it makes a difference, I did test opening a tunnel from Linux to Windows, and that is now working properly (with the fix to the Windows configuration).  I've attached a log from that case as well.

Thank you for your help!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: windows-to-linux-syslog
Type: application/octet-stream
Size: 10236 bytes
Desc: windows-to-linux-syslog
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160203/c3766ac3/attachment-0002.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: linux-to-windows-syslog
Type: application/octet-stream
Size: 11530 bytes
Desc: linux-to-windows-syslog
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160203/c3766ac3/attachment-0003.obj>
