[strongSwan] Using StrongSwan for IPSec VPN on CentOS 7 - no matching peer config found.
jvpn at use.startmail.com
Mon Jan 4 16:32:16 CET 2016

Thanks for yet another pointer to a page with instructions.

I confirmed that the root cause of my problems was the server certificate.
The strongSwan pki commands provided in various samples create a server
certificate that is not sufficiently acceptable:

    strongswan: 08[CFG] id 'fqdn' not confirmed by certificate, defaulting to 'C=CH, O=fqdn-ca, CN=fqdn'

I ended up creating the certificate using the pfSense certificate manager,
and that solved the problem.

Certificate analysis shows that the pfSense-created certificate has an IP
address as an alternative name, as shown in the openssl x509 output:

    # openssl x509 -in certs/vpnHostCert.pem -noout -text
    X509v3 Subject Alternative Name:
        DNS:fqdn, IP Address:nnn.nnn.nnn.nnn

while the one created with strongSwan pki does not have the 'IP Address'
keyword.

Could you please check the alternative names in your certificate?

On 01/04/2016 09:57 AM, Derek Cameron wrote:
> Hi, Josh,
> I am using Debian 8 rather than CentOS 7, but it works fine for iOS 9
> Here is what I did:
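
Added example, not part of the original message and not strongSwan's own code: a shell check for the condition discussed above, that the identity the gateway presents is listed in the certificate's subjectAltName with the matching type (DNS or IP Address). The function names and the sample certificate text (vpn.example.org, 192.0.2.10) are constructed, and only IPv4 literals are treated as IP identities.

```shell
#!/bin/sh
# Print the subjectAltName entries found in `openssl x509 -noout -text`
# output (read from stdin), one "TYPE:value" entry per line.
san_entries() {
    awk '
        /X509v3 Subject Alternative Name/ { grab = 1; next }
        grab {
            # The line after the extension header holds the comma-separated list.
            n = split($0, parts, ",")
            for (i = 1; i <= n; i++) {
                e = parts[i]
                gsub(/^[ \t]+|[ \t]+$/, "", e)
                if (e != "") print e
            }
            grab = 0
        }'
}

# Return 0 if identity $1 is present as a SAN of the matching type.
# An IPv4 literal must appear as "IP Address:<ip>", anything else as
# "DNS:<name>" (simplifying assumption of this example).
san_confirms_id() {
    id=$1
    case $id in
        *[!0-9.]*|'') want="DNS:$id" ;;
        *)            want="IP Address:$id" ;;
    esac
    # -F literal match, -x whole entry, -i because DNS names are case-insensitive
    san_entries | grep -Fxi -- "$want" >/dev/null
}

# Constructed sample: certificate text carrying both a DNS and an IP SAN.
CERT_WITH_IP='        X509v3 extensions:
            X509v3 Subject Alternative Name: 
                DNS:vpn.example.org, IP Address:192.0.2.10'

# Constructed sample: certificate text carrying only a DNS SAN.
CERT_DNS_ONLY='        X509v3 extensions:
            X509v3 Subject Alternative Name: 
                DNS:vpn.example.org'

# Against a real certificate (path as used in the message above):
#   openssl x509 -in certs/vpnHostCert.pem -noout -text | san_confirms_id 192.0.2.10
```
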