[strongSwan] Using StrongSwan for IPSec VPN on CentOS 7 - no matching peer config found.
Josh
jvpn at use.startmail.com
Mon Jan 4 16:32:16 CET 2016
Hi Derek,
Thanks for yet another pointer to a page with instructions.
I confirmed that the root cause of my problems was the server certificate
creation process.
The strongSwan pki commands provided in various samples create a server
certificate that is not sufficiently acceptable:
strongswan: 08[CFG] id 'fqdn' not confirmed by certificate, defaulting to 'C=CH, O=fqdn-ca, CN=fqdn'
I ended up creating the certificate using the pfSense certificate manager,
and that solved the problem.
Certificate analysis shows that the pfSense-created certificate has the IP
address as an alternative name, as shown in the openssl x509 output:
# openssl x509 -in certs/vpnHostCert.pem -noout -text
...
X509v3 Subject Alternative Name:
DNS:fqdn, IP Address:nnn.nnn.nnn.nnn
...
while the one created by strongSwan pki does not have the 'IP Address' keyword.
Could you please check alternative names in your certificate?
Regards,
Josh.
On 01/04/2016 09:57 AM, Derek Cameron wrote:
> Hi, Josh,
>
> I am using Debian 8 rather than CentOS 7, but it works fine for iOS 9
> clients.
>
> Here is what I did:
>
> https://dcamero.github.io
>
> Regards,
> Derek.
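Added example, not part of the original message or of strongSwan: a small check that reads the text printed by `openssl x509 -noout -text` and reports whether a configured identity appears in the Subject Alternative Name list with the matching type, which is the difference between the two certificates described above. The function names, the sample text and the values `vpn.example.com` and `192.0.2.10` are constructed placeholders; the check assumes that an IP-address identity has to appear as an `IP Address` entry and a host name as a `DNS` entry.

```python
import ipaddress

# Constructed sample: SAN section as printed by `openssl x509 -noout -text`.
SAMPLE_TEXT = """\
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:vpn.example.com, IP Address:192.0.2.10
            X509v3 Key Usage:
                Digital Signature
"""


def parse_sans(x509_text):
    """Return a set of (kind, value) pairs from the SAN section."""
    lines = x509_text.splitlines()
    sans = set()
    for i, line in enumerate(lines):
        if "X509v3 Subject Alternative Name" not in line or i + 1 >= len(lines):
            continue
        # openssl prints all entries on the line after the extension name.
        for entry in lines[i + 1].split(","):
            kind, sep, value = entry.strip().partition(":")
            if not sep:
                continue
            if kind == "IP Address":
                try:
                    # Normalise so differently written IPv6 forms compare equal.
                    value = str(ipaddress.ip_address(value))
                except ValueError:
                    continue
            elif kind == "DNS":
                value = value.lower()
            sans.add((kind, value))
    return sans


def identity_confirmed(identity, x509_text):
    """True if the identity is present as a SAN of the matching type."""
    try:
        wanted = ("IP Address", str(ipaddress.ip_address(identity)))
    except ValueError:
        wanted = ("DNS", identity.lower())
    return wanted in parse_sans(x509_text)


if __name__ == "__main__":
    for ident in ("vpn.example.com", "192.0.2.10"):
        print(ident, "confirmed" if identity_confirmed(ident, SAMPLE_TEXT) else "NOT confirmed")
```

To check a real certificate, pass the captured output of `openssl x509 -in certs/vpnHostCert.pem -noout -text` as `x509_text`.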