[strongSwan] IKEv1 Pubkey Auth Fails from Windows to Linux

Tobias Brunner tobias at strongswan.org
Thu Feb 4 11:48:52 CET 2016

Hi Quinn,

>> Certificates used by different hosts seem to use the same subject DN.
>> Are these actually the same certificates/keys?
> Yes.  I am using the same end-entity certificate/key on all of my test systems (Red Hat and Windows).

Are you absolutely sure that all certificates with the same subject DN
are actually based on the same public/private key pair?   Refer to [1]
for a similar issue where that was not the case (although, it was IKEv2
and the authentication succeeded there after failed attempts).  Anyway,
doing this is definitely not recommended.

> In case it makes a difference, I did test opening a tunnel from Linux
> to Windows, and that is now working properly (with the fix to the
> Windows configuration).

Interesting.  How does the output of `ipsec listcerts` look like after
each of these runs?


[1] https://wiki.strongswan.org/issues/733#note-12

More information about the Users mailing list