[strongSwan] Win7 and Window10Mobile: IKE authentication credentials are unacceptable
Arne Schmid
arne.j.schmid at outlook.com
Mon May 2 09:54:17 CEST 2016
Hi Tobias,
Somehow it didn't catch the right peer config (or none at all).
I'm now as far as the connection establishes until there is a "no trusted certificate found for 'client at vpn.EXAMPLE.de' to verify TLS peer".
Which somehow irritates me - the certificates are all set up in the /etc/ipsec.d/cert, cacert, etc folders...
charon.log:

May 2 09:34:49 07[CFG] <winCert|2> selected peer config 'winCert'
May 2 09:34:49 07[IKE] <winCert|2> initiating EAP-Identity request
May 2 09:34:49 07[IKE] <winCert|2> processing INTERNAL_IP4_ADDRESS attribute
May 2 09:34:49 07[IKE] <winCert|2> processing INTERNAL_IP4_DNS attribute
May 2 09:34:49 07[IKE] <winCert|2> processing INTERNAL_IP4_NBNS attribute
May 2 09:34:49 07[IKE] <winCert|2> processing INTERNAL_IP4_SERVER attribute
May 2 09:34:49 07[IKE] <winCert|2> processing INTERNAL_IP6_ADDRESS attribute
May 2 09:34:49 07[IKE] <winCert|2> processing INTERNAL_IP6_DNS attribute
May 2 09:34:49 07[IKE] <winCert|2> processing INTERNAL_IP6_SERVER attribute
May 2 09:34:49 07[IKE] <winCert|2> peer supports MOBIKE
May 2 09:34:49 07[IKE] <winCert|2> authentication of 'C=CN, O=EXAMPLE, CN=vpn.EXAMPLE.de' (myself) with RSA signature successful
May 2 09:34:49 07[IKE] <winCert|2> sending end entity cert "C=CN, O=EXAMPLE, CN=vpn.EXAMPLE.de"
May 2 09:34:49 05[IKE] <winCert|2> received EAP identity 'client at vpn.EXAMPLE.de'
May 2 09:34:49 05[TLS] <winCert|2> 33 supported TLS cipher suites:
May 2 09:34:49 05[TLS] <winCert|2> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
May 2 09:34:49 05[TLS] <winCert|2> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
May 2 09:34:49 05[TLS] <winCert|2> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
May 2 09:34:49 05[TLS] <winCert|2> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
May 2 09:34:49 05[TLS] <winCert|2> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
May 2 09:34:49 05[TLS] <winCert|2> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
May 2 09:34:49 05[TLS] <winCert|2> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
May 2 09:34:49 05[TLS] <winCert|2> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
May 2 09:34:49 05[TLS] <winCert|2> TLS_DHE_RSA_WITH_AES_128_CBC_SHA
May 2 09:34:49 05[TLS] <winCert|2> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
May 2 09:34:49 05[TLS] <winCert|2> TLS_DHE_RSA_WITH_AES_256_CBC_SHA
May 2 09:34:49 05[TLS] <winCert|2> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
May 2 09:34:49 05[TLS] <winCert|2> TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
May 2 09:34:49 05[TLS] <winCert|2> TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
May 2 09:34:49 05[TLS] <winCert|2> TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
May 2 09:34:49 05[TLS] <winCert|2> TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
May 2 09:34:49 05[TLS] <winCert|2> TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
May 2 09:34:49 05[TLS] <winCert|2> TLS_RSA_WITH_AES_128_CBC_SHA
May 2 09:34:49 05[TLS] <winCert|2> TLS_RSA_WITH_AES_128_CBC_SHA256
May 2 09:34:49 05[TLS] <winCert|2> TLS_RSA_WITH_AES_256_CBC_SHA
May 2 09:34:49 05[TLS] <winCert|2> TLS_RSA_WITH_AES_256_CBC_SHA256
May 2 09:34:49 05[TLS] <winCert|2> TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
May 2 09:34:49 05[TLS] <winCert|2> TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
May 2 09:34:49 05[TLS] <winCert|2> TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
May 2 09:34:49 05[TLS] <winCert|2> TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
May 2 09:34:49 05[TLS] <winCert|2> TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
May 2 09:34:49 05[TLS] <winCert|2> TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
May 2 09:34:49 05[TLS] <winCert|2> TLS_RSA_WITH_3DES_EDE_CBC_SHA
May 2 09:34:49 05[TLS] <winCert|2> TLS_ECDHE_ECDSA_WITH_NULL_SHA
May 2 09:34:49 05[TLS] <winCert|2> TLS_ECDHE_RSA_WITH_NULL_SHA
May 2 09:34:49 05[TLS] <winCert|2> TLS_RSA_WITH_NULL_SHA
May 2 09:34:49 05[TLS] <winCert|2> TLS_RSA_WITH_NULL_SHA256
May 2 09:34:49 05[TLS] <winCert|2> TLS_RSA_WITH_NULL_MD5
May 2 09:34:49 05[TLS] <winCert|2> sending EAP_TLS start packet (6 bytes)
May 2 09:34:49 05[IKE] <winCert|2> initiating EAP_TLS method (id 0xAC)
May 2 09:34:50 04[TLS] <winCert|2> processing TLS Handshake record (169 bytes)
May 2 09:34:50 04[TLS] <winCert|2> received TLS ClientHello handshake (165 bytes)
May 2 09:34:50 04[TLS] <winCert|2> received TLS 'status request' extension
May 2 09:34:50 04[TLS] <winCert|2> received TLS 'elliptic curves' extension
May 2 09:34:50 04[TLS] <winCert|2> received TLS 'ec point formats' extension
May 2 09:34:50 04[TLS] <winCert|2> received TLS 'signature algorithms' extension
May 2 09:34:50 04[TLS] <winCert|2> received TLS '(35)' extension
May 2 09:34:50 04[TLS] <winCert|2> received TLS '(23)' extension
May 2 09:34:50 04[TLS] <winCert|2> received TLS 'renegotiation info' extension
May 2 09:34:50 04[TLS] <winCert|2> received 30 TLS cipher suites:
May 2 09:34:50 04[TLS] <winCert|2> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
May 2 09:34:50 04[TLS] <winCert|2> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
May 2 09:34:50 04[TLS] <winCert|2> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
May 2 09:34:50 04[TLS] <winCert|2> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
May 2 09:34:50 04[TLS] <winCert|2> TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
May 2 09:34:50 04[TLS] <winCert|2> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
May 2 09:34:50 04[TLS] <winCert|2> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
May 2 09:34:50 04[TLS] <winCert|2> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
May 2 09:34:50 04[TLS] <winCert|2> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
May 2 09:34:50 04[TLS] <winCert|2> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
May 2 09:34:50 04[TLS] <winCert|2> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
May 2 09:34:50 04[TLS] <winCert|2> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
May 2 09:34:50 04[TLS] <winCert|2> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
May 2 09:34:50 04[TLS] <winCert|2> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
May 2 09:34:50 04[TLS] <winCert|2> TLS_DHE_RSA_WITH_AES_256_CBC_SHA
May 2 09:34:50 04[TLS] <winCert|2> TLS_DHE_RSA_WITH_AES_128_CBC_SHA
May 2 09:34:50 04[TLS] <winCert|2> TLS_RSA_WITH_AES_256_GCM_SHA384
May 2 09:34:50 04[TLS] <winCert|2> TLS_RSA_WITH_AES_128_GCM_SHA256
May 2 09:34:50 04[TLS] <winCert|2> TLS_RSA_WITH_AES_256_CBC_SHA256
May 2 09:34:50 04[TLS] <winCert|2> TLS_RSA_WITH_AES_128_CBC_SHA256
May 2 09:34:50 04[TLS] <winCert|2> TLS_RSA_WITH_AES_256_CBC_SHA
May 2 09:34:50 04[TLS] <winCert|2> TLS_RSA_WITH_AES_128_CBC_SHA
May 2 09:34:50 04[TLS] <winCert|2> TLS_RSA_WITH_3DES_EDE_CBC_SHA
May 2 09:34:50 04[TLS] <winCert|2> TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
May 2 09:34:50 04[TLS] <winCert|2> TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
May 2 09:34:50 04[TLS] <winCert|2> TLS_DHE_DSS_WITH_AES_256_CBC_SHA
May 2 09:34:50 04[TLS] <winCert|2> TLS_DHE_DSS_WITH_AES_128_CBC_SHA
May 2 09:34:50 04[TLS] <winCert|2> TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
May 2 09:34:50 04[TLS] <winCert|2> TLS_RSA_WITH_RC4_128_SHA
May 2 09:34:50 04[TLS] <winCert|2> TLS_RSA_WITH_RC4_128_MD5
May 2 09:34:50 04[TLS] <winCert|2> negotiated TLS version TLS 1.2 with suite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
May 2 09:34:50 04[TLS] <winCert|2> sending TLS ServerHello handshake (38 bytes)
May 2 09:34:50 04[TLS] <winCert|2> sending TLS server certificate 'C=CN, O=EXAMPLE, CN=vpn.EXAMPLE.de'
May 2 09:34:50 04[TLS] <winCert|2> sending TLS Certificate handshake (853 bytes)
May 2 09:34:50 04[TLS] <winCert|2> selected ECDH group SECP256R1
May 2 09:34:50 04[TLS] <winCert|2> created signature with SHA256/RSA
May 2 09:34:50 04[TLS] <winCert|2> sending TLS ServerKeyExchange handshake (329 bytes)
May 2 09:34:50 04[TLS] <winCert|2> sending TLS cert request for 'C=CN, O=EXAMPLE, CN=EXAMPLE ca'
May 2 09:34:50 04[TLS] <winCert|2> sending TLS CertificateRequest handshake (87 bytes)
May 2 09:34:50 04[TLS] <winCert|2> sending TLS ServerHelloDone handshake (0 bytes)
May 2 09:34:50 04[TLS] <winCert|2> sending TLS Handshake record (1327 bytes)
May 2 09:34:50 04[TLS] <winCert|2> sending EAP_TLS first fragment (512 bytes)
May 2 09:34:50 01[TLS] <winCert|2> received EAP_TLS acknowledgement packet
May 2 09:34:50 01[TLS] <winCert|2> sending EAP_TLS further fragment (512 bytes)
May 2 09:34:50 15[TLS] <winCert|2> received EAP_TLS acknowledgement packet
May 2 09:34:50 15[TLS] <winCert|2> sending EAP_TLS final fragment (330 bytes)
May 2 09:34:50 13[TLS] <winCert|2> processing TLS Handshake record (1198 bytes)
May 2 09:34:50 13[TLS] <winCert|2> received TLS Certificate handshake (860 bytes)
May 2 09:34:50 13[TLS] <winCert|2> received TLS peer certificate 'C=CN, O=EXAMPLE, CN=client at vpn.EXAMPLE.de'
May 2 09:34:50 13[TLS] <winCert|2> received TLS ClientKeyExchange handshake (66 bytes)
May 2 09:34:50 13[TLS] <winCert|2> received TLS CertificateVerify handshake (260 bytes)
May 2 09:34:50 13[TLS] <winCert|2> no trusted certificate found for 'client at vpn.EXAMPLE.de' to verify TLS peer
May 2 09:34:50 13[TLS] <winCert|2> processing TLS ChangeCipherSpec record (1 bytes)
May 2 09:34:50 13[TLS] <winCert|2> processing TLS Handshake record (64 bytes)
May 2 09:34:50 13[TLS] <winCert|2> sending fatal TLS alert 'certificate unknown'
May 2 09:34:50 13[TLS] <winCert|2> sending TLS Alert record (2 bytes)
May 2 09:34:50 13[TLS] <winCert|2> sending EAP_TLS packet (17 bytes)
May 2 09:34:50 11[TLS] <winCert|2> received EAP_TLS acknowledgement packet
May 2 09:34:50 11[IKE] <winCert|2> EAP method EAP_TLS failed for peer 10.145.250.86
May 2 09:34:50 11[IKE] <winCert|2> IKE_SA winCert[2] state change: CONNECTING => DESTROYING

$ ipsec listall

List of X.509 End Entity Certificates:

  altNames:  vpn.EXAMPLE.de
  subject:  "C=CN, O=EXAMPLE, CN=vpn.EXAMPLE.de"
  issuer:   "C=CN, O=EXAMPLE, CN=EXAMPLE ca"
  serial:    42:74:78:dc:fb:e6:20:e5
  validity:  not before Apr 26 13:34:15 2016, ok
             not after  Apr 26 13:34:15 2019, ok
  pubkey:    RSA 2048 bits, has private key
  keyid:     a3:59:05:59:8f:b5:72:33:4f:cd:3a:61:63:ef:ec:a1:f8:10:f7:85
  subjkey:   a9:c6:81:ee:06:02:5a:2c:4d:92:a1:4a:8a:be:c4:cd:29:e8:22:69
  authkey:   8c:e9:ee:33:b5:8a:f7:11:88:b1:15:3f:0c:8f:4c:19:e6:28:f1:47

List of X.509 CA Certificates:

  subject:  "C=CN, O=EXAMPLE, CN=EXAMPLE ca"
  issuer:   "C=CN, O=EXAMPLE, CN=EXAMPLE ca"
  serial:    00:cf:53:e9:6a:82:8e:08:da
  validity:  not before Apr 25 19:32:30 2016, ok
             not after  Apr 25 19:32:30 2019, ok
  pubkey:    RSA 2048 bits
  keyid:     7e:7f:f2:cc:cd:6f:53:c3:01:15:06:46:16:cc:99:d8:09:7a:71:a1
  subjkey:   8c:e9:ee:33:b5:8a:f7:11:88:b1:15:3f:0c:8f:4c:19:e6:28:f1:47
  authkey:   8c:e9:ee:33:b5:8a:f7:11:88:b1:15:3f:0c:8f:4c:19:e6:28:f1:47

List of registered IKEv2 Algorithms:

  encryption: AES_CBC[aes] 3DES_CBC[des] DES_CBC[des] DES_ECB[des] CAMELLIA_CBC[openssl] RC5_CBC[openssl] IDEA_CBC[openssl] CAST_CBC[openssl] BLOWFISH_CBC[openssl] NULL[openssl] AES_CTR[ctr] CAMELLIA_CTR[ctr]
  integrity:  AES_XCBC_96[xcbc] CAMELLIA_XCBC_96[xcbc] HMAC_SHA1_96[hmac] HMAC_SHA1_128[hmac] HMAC_SHA1_160[hmac] HMAC_SHA2_256_128[hmac] HMAC_SHA2_256_256[hmac] HMAC_MD5_96[hmac] HMAC_MD5_128[hmac] HMAC_SHA2_384_192[hmac] HMAC_SHA2_384_384[hmac] HMAC_SHA2_512_256[hmac]
  aead:       AES_CCM_8[ccm] AES_CCM_12[ccm] AES_CCM_16[ccm] CAMELLIA_CCM_8[ccm] CAMELLIA_CCM_12[ccm] CAMELLIA_CCM_16[ccm] AES_GCM_8[gcm] AES_GCM_12[gcm] AES_GCM_16[gcm]
  hasher:     HASH_SHA1[sha1] HASH_SHA224[sha2] HASH_SHA256[sha2] HASH_SHA384[sha2] HASH_SHA512[sha2] HASH_MD5[md5] HASH_MD2[openssl] HASH_MD4[openssl]
  prf:        PRF_KEYED_SHA1[sha1] PRF_FIPS_SHA1_160[fips-prf] PRF_AES128_XCBC[xcbc] PRF_CAMELLIA128_XCBC[xcbc] PRF_HMAC_SHA1[hmac] PRF_HMAC_SHA2_256[hmac] PRF_HMAC_MD5[hmac] PRF_HMAC_SHA2_384[hmac] PRF_HMAC_SHA2_512[hmac]
  dh-group:   MODP_2048[openssl] MODP_2048_224[openssl] MODP_2048_256[openssl] MODP_1536[openssl] ECP_256[openssl] ECP_384[openssl] ECP_521[openssl] ECP_224[openssl] ECP_192[openssl] MODP_3072[openssl] MODP_4096[openssl] MODP_6144[openssl] MODP_8192[openssl] MODP_1024[openssl] MODP_1024_160[openssl] MODP_768[openssl] MODP_CUSTOM[openssl]
  random-gen: RNG_STRONG[random] RNG_TRUE[random]

My ipsec.conf:

config setup
    charondebug="ike 2, knl 3, cfg 1, enc -1, lib -1"
    charonstart=yes
    plutostart=no

conn %default
    keyexchange=ikev2
    dpdaction=clear
    dpddelay=300s
    rekey=no

conn winCert
    left=%defaultroute
    leftcert=vpn.server.cert.pem
    leftauth=pubkey
    leftsubnet=0.0.0.0/24
    right=%any
    rightauth=eap-tls
    eap_identity=%identity
    rightsendcert=never
    rightsourceip=172.20.1.1/24
    keyexchange=ikev2
    auto=add

Client Certificate:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 16:9d:7d:a3:4e:fa:99:d8
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=CN, O=EXAMPLE, CN=EXAMPLE ca
        Validity
            Not Before: Apr 29 12:21:38 2016 GMT
            Not After : Apr 29 12:21:38 2019 GMT
        Subject: C=CN, O=EXAMPLE, CN=client at vpn.EXAMPLE.de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                keyid:8C:33:48:94:BF:4B:B7:08:97:C9:99:A6:A8:F1:D0:4B:C0:89:4D:E5

            X509v3 Subject Alternative Name:
                DNS:vpn.EXAMPLE.de
            X509v3 Extended Key Usage:
                TLS Web Client Authentication
    Signature Algorithm: sha1WithRSAEncryption

Server Certificate:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2a:27:5d:38:11:4a:d3:15
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=CN, O=EXAMPLE, CN=EXAMPLE ca
        Validity
            Not Before: Apr 29 12:21:34 2016 GMT
            Not After : Apr 29 12:21:34 2019 GMT
        Subject: C=CN, O=EXAMPLE, CN=vpn.EXAMPLE.de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                keyid:8C:33:48:94:BF:4B:B7:08:97:C9:99:A6:A8:F1:D0:4B:C0:89:4D:E5

            X509v3 Subject Alternative Name:
                DNS:vpn.EXAMPLE.de
            X509v3 Extended Key Usage:
                TLS Web Server Authentication
    Signature Algorithm: sha1WithRSAEncryption

CA Certificate:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: fc:f7:56:28:32:8e:88:55
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=CN, O=EXAMPLE, CN=EXAMPLE ca
        Validity
            Not Before: Apr 29 12:21:31 2016 GMT
            Not After : Apr 29 12:21:31 2019 GMT
        Subject: C=CN, O=EXAMPLE, CN=EXAMPLE ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Subject Key Identifier:
                8C:33:48:94:BF:4B:B7:08:97:C9:99:A6:A8:F1:D0:4B:C0:89:4D:E5
            X509v3 Authority Key Identifier:
                keyid:8C:33:48:94:BF:4B:B7:08:97:C9:99:A6:A8:F1:D0:4B:C0:89:4D:E5

    Signature Algorithm: sha1WithRSAEncryption

Thanks,
Arne

> Subject: Re: [strongSwan] Win7 and Window10Mobile: IKE authentication credentials are unacceptable
> To: arne.j.schmid at outlook.com; users at lists.strongswan.org
> From: tobias at strongswan.org
> Date: Fri, 29 Apr 2016 12:11:59 +0200
>
> Hi Arne,
>
> > Apr 28 20:09:50 12[IKE] <1> peer supports MOBIKE
> > Apr 28 20:09:50 12[IKE] <1> IKE_SA (unnamed)[1] state change: CONNECTING
> > => DESTROYING
>
> Looks like the daemon encountered an unrecoverable error, maybe while
> encoding the response message. Could you leave the log levels for the two
> log groups you set to -1 at the default (which is 1) and try again so
> we'd see any error messages that might get logged while preparing the
> response.
>
> Regards,
> Tobias
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160502/a489bcfa/attachment-0001.html>
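
A cross-check of the values posted in this message, added here as an example (it is not part of the original post and is not strongSwan code): it compares the Authority Key Identifier of the posted client certificate with the subjkey of the CA that `ipsec listall` reports as loaded. The function names are hypothetical, the inputs are trimmed excerpts of the dumps above, and issuer DNs are compared as plain strings.

```python
import re

HEX = r"(?:[0-9A-Fa-f]{2}:)+[0-9A-Fa-f]{2}"

# Trimmed excerpts of the outputs posted above (only the fields used here).
LISTALL = '''List of X.509 CA Certificates:
  subject:  "C=CN, O=EXAMPLE, CN=EXAMPLE ca"
  issuer:   "C=CN, O=EXAMPLE, CN=EXAMPLE ca"
  serial:    00:cf:53:e9:6a:82:8e:08:da
  subjkey:   8c:e9:ee:33:b5:8a:f7:11:88:b1:15:3f:0c:8f:4c:19:e6:28:f1:47
List of registered IKEv2 Algorithms:
'''
CLIENT_CERT = '''Issuer: C=CN, O=EXAMPLE, CN=EXAMPLE ca
Subject: C=CN, O=EXAMPLE, CN=client at vpn.EXAMPLE.de
X509v3 Authority Key Identifier:
    keyid:8C:33:48:94:BF:4B:B7:08:97:C9:99:A6:A8:F1:D0:4B:C0:89:4D:E5
'''

def norm(keyid):
    """Normalise a colon-separated hex key id so both tools' output compares equal."""
    return keyid.replace(":", "").lower()

def loaded_cas(listall_text):
    """Return {subjkey: subject} for the CA section of `ipsec listall` output."""
    parts = listall_text.split("List of X.509 CA Certificates:", 1)
    if len(parts) < 2:
        return {}
    # The CA section ends where the next "List of ..." heading starts.
    body = re.split(r"^List of ", parts[1], maxsplit=1, flags=re.M)[0]
    cas, subject = {}, None
    for line in body.splitlines():
        m = re.match(r'\s*subject:\s+"(.+)"', line)
        if m:
            subject = m.group(1)
        m = re.match(rf"\s*subjkey:\s+({HEX})", line)
        if m and subject:
            cas[norm(m.group(1))] = subject
    return cas

def issuer_and_aki(cert_text):
    """Pull the issuer DN and AKI key id out of an OpenSSL-style text dump."""
    issuer = re.search(r"Issuer:\s*(.+)", cert_text)
    aki = re.search(rf"Authority Key Identifier:\s*(?:keyid:)?\s*({HEX})", cert_text)
    return (issuer.group(1).strip() if issuer else None,
            norm(aki.group(1)) if aki else None)

def check_chain(listall_text, cert_text):
    """Classify how the certificate's issuer relates to the loaded CA set."""
    cas = loaded_cas(listall_text)
    issuer, aki = issuer_and_aki(cert_text)
    if aki is None:
        return "no-aki"
    if aki in cas:
        return "issuer-key-loaded"
    if issuer in cas.values():
        return "same-dn-different-key"   # a CA with this name is loaded, but with another key
    return "issuer-not-loaded"

if __name__ == "__main__":
    print(check_chain(LISTALL, CLIENT_CERT))
```

With the values posted above the result is "same-dn-different-key": the loaded CA has subjkey 8c:e9:ee:33..., while the client certificate's Authority Key Identifier is 8C:33:48:94..., which is the Subject Key Identifier of the CA certificate dumped in the message.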