[strongSwan] IKEv1 Pubkey Auth Fails from Windows to Linux
Tobias Brunner
tobias at strongswan.org
Thu Feb 4 11:48:52 CET 2016
Hi Quinn,
>> Certificates used by different hosts seem to use the same subject DN.
>> Are these actually the same certificates/keys?
>
> Yes. I am using the same end-entity certificate/key on all of my test systems (Red Hat and Windows).
Are you absolutely sure that all certificates with the same subject DN
are actually based on the same public/private key pair? Refer to [1]
for a similar issue where that was not the case (although, it was IKEv2
and the authentication succeeded there after failed attempts). Anyway,
doing this is definitely not recommended.
> In case it makes a difference, I did test opening a tunnel from Linux
> to Windows, and that is now working properly (with the fix to the
> Windows configuration).
Interesting. How does the output of `ipsec listcerts` look like after
each of these runs?
Regards,
Tobias
[1] https://wiki.strongswan.org/issues/733#note-12
More information about the Users
mailing list