[strongSwan] Linux client won't connect.
Chama Sparky
sellosparky at gmail.com
Sat Aug 26 13:35:37 CEST 2017
Hello, this is my first try setting up strongSwan and IPsec. I'm used to
OpenVPN but that is no longer a viable option. I have two strongSwan
servers running on Debian with Let's Encrypt on. I thought it would be
nice not to deal with certificates on the client side. I can connect to
both boxes just fine from my Android with IKEv2 EAP authentication.

On my Linux desktop, at first strongSwan was unable to fetch OCSP from LE
servers. Installing the curl plugin fixed that. Now, I'm stuck with a
public key error that I cannot seem to solve.
Here is the last bit of the log:

    checking certificate status of "CN=some.domain.com"
    requesting ocsp status from 'http://ocsp.int-x3.letsencrypt.org' ...
    ocsp response correctly signed by "C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3"
    ocsp response is valid: until Aug 25 18:00:00 2017
    certificate status is good
    no issuer certificate found for "C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3"
    no trusted RSA public key found for 'some.domain.com'
    generating INFORMATIONAL request 2 [ N(AUTH_FAILED) ]
    sending packet: from 192.168.31.116[4500] to 999.199.**.**[4500] (76 bytes)
    establishing connection 'vpn' failed

I have tried to install the LE root certificates on my system. But the
problem persists. Here is the ipsec.conf on my desktop:

    conn vpn
        keyexchange=ikev2
        dpdaction=clear
        dpddelay=300s
        eap_identity=dobry
        leftauth=eap-mschapv2
        left=%defaultroute
        leftsourceip=%config
        right=some.domain.com
        rightauth=pubkey
        rightsubnet=0.0.0.0/0
        rightid=%any
        type=tunnel
        auto=add

Please let me know what other information might be relevant.
Any pointers would be greatly appreciated. Thank you for reading.
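
An added example, not part of the original post and not strongSwan code: a short Python triage over the log lines quoted above that separates the revocation result from the trust-chain result, since the log reports "certificate status is good" and still ends in AUTH_FAILED. The sample text is the post's log with wrapped lines rejoined, and the names `triage` and `diagnose` are hypothetical.

```python
import re

# Constructed sample: the log lines quoted in the post, with wrapped lines rejoined.
SAMPLE_LOG = """\
checking certificate status of "CN=some.domain.com"
ocsp response correctly signed by "C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3"
certificate status is good
no issuer certificate found for "C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3"
no trusted RSA public key found for 'some.domain.com'
generating INFORMATIONAL request 2 [ N(AUTH_FAILED) ]
establishing connection 'vpn' failed
"""

MISSING_ISSUER = re.compile(r'no issuer certificate found for "(.+)"')
UNTRUSTED_KEY = re.compile(r"no trusted (\w+) public key found for '(.+)'")

def triage(log_text):
    """Collect what the log states about validating the peer certificate."""
    facts = {"revocation_ok": False, "missing_issuer_of": [],
             "untrusted_peer": None, "auth_failed": False}
    for line in log_text.splitlines():
        # Substring and search() matching, so syslog prefixes do not matter.
        if "certificate status is good" in line:
            facts["revocation_ok"] = True
        elif m := MISSING_ISSUER.search(line):
            facts["missing_issuer_of"].append(m.group(1))
        elif m := UNTRUSTED_KEY.search(line):
            facts["untrusted_peer"] = m.group(2)
        elif "N(AUTH_FAILED)" in line:
            facts["auth_failed"] = True
    return facts

def diagnose(facts):
    """Classify the failure using only what the log lines state."""
    if not facts["auth_failed"]:
        return "no authentication failure logged"
    if facts["missing_issuer_of"]:
        ocsp = "passed" if facts["revocation_ok"] else "did not pass"
        subjects = "; ".join(facts["missing_issuer_of"])
        return f"trust chain: no trusted issuer for {subjects} (OCSP check {ocsp})"
    if facts["untrusted_peer"]:
        return f"no trusted key for {facts['untrusted_peer']}"
    return "AUTH_FAILED without a certificate error in this excerpt"

if __name__ == "__main__":
    print(diagnose(triage(SAMPLE_LOG)))
```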