[strongSwan] IKEv1 Pubkey Auth Fails from Windows to Linux

Detweiler, Quinn Quinn.Detweiler at unisys.com
Thu Feb 4 15:21:31 CET 2016


Hi Tobias,

> Are you absolutely sure that all certificates with the same subject DN
> are actually based on the same public/private key pair?

Yes.  I'm using the exact same PKCS12 file on both systems. I even verified that the file was not corrupted by hashing it on both my Linux and Windows systems (hashes matched), and I verified that the keyid, serial, etc. are identical.

> Anyway, doing this is definitely not recommended.

Understood.  I generated another key pair to reproduce the test, and I am getting the same results even when a different key pair is used on the initiating system (e.g. Windows initiation fails, Red Hat initiation succeeds).  Logs attached.

> Interesting.  What does the output of `ipsec listcerts` look like after
> each of these runs?

In both the Linux to Linux and Windows to Linux cases, the output of ipsec listcerts is identical.  I've attached the output from my run using the same keypair on both sides and a second output from a run using a different keypair on both sides.

Thanks,
Quinn
-------------- next part --------------
A non-text attachment was scrubbed...
Name: same-cert-listcerts
Type: application/octet-stream
Size: 559 bytes
Desc: same-cert-listcerts
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160204/07523605/attachment-0005.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: diff-certs-windows-to-linux-syslog
Type: application/octet-stream
Size: 10211 bytes
Desc: diff-certs-windows-to-linux-syslog
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160204/07523605/attachment-0006.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: diff-certs-listcerts
Type: application/octet-stream
Size: 1058 bytes
Desc: diff-certs-listcerts
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160204/07523605/attachment-0007.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: diff-certs-linux-to-windows-syslog
Type: application/octet-stream
Size: 7397 bytes
Desc: diff-certs-linux-to-windows-syslog
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160204/07523605/attachment-0008.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: diff-certs-linux-to-linux-syslog
Type: application/octet-stream
Size: 12757 bytes
Desc: diff-certs-linux-to-linux-syslog
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160204/07523605/attachment-0009.obj>

