[strongSwan] Difficulty connecting to windows server with linux strongswan client

joakim at verona.se joakim at verona.se
Fri Nov 17 22:02:44 CET 2017


Hello,

I'm trying to use an Ubuntu strongSwan client to connect to a Windows VPN
server. I'm a strongSwan newbie. Also, I'm not managing the Windows
server, but the admin is pretty helpful.

The config is anonymized a bit. I tried a lot of different
configurations and this is just the latest one.

The idea is that PSK should be used first, and then the smartcard cert
should be used for the 2nd phase.

It seems that the PSK phase works AFAICS, but then negotiation stops,
seemingly because the received cert doesn't match the IP or something.

The end of the log looks like:
12[ENC] parsed IKE_AUTH response 4 [ EAP/REQ/PEAP ]
12[TLS] negotiated TLS 1.2 using suite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
12[TLS] server certificate does not match to '192.168.220.3'
12[TLS] sending fatal TLS alert 'access denied'
12[ENC] generating IKE_AUTH request 5 [ EAP/RES/PEAP ]

Is there some way around this? Is there some way to add an exception for
this certificate or something?

Mac clients are able to connect to the same server, as well as
Windows-based clients.


The config:

config setup
	strictcrlpolicy=no
	uniqueids = yes
	#charondebug="all"
	charondebug="ike 4, knl 4,cfg 4,lib 4,tls 4"
#	nat_traversal=yes

# Add connections here.
conn my-ipsec
	leftid=user@domain
	leftcert=%smartcard:45
	authby=pubkey
	rightid=%any
	right=theserver
	rightcert2=sstputvupa.cer
	leftauth=eap
	rightauth=psk
	auto=start



-- 
Joakim Verona
joakim at verona.se
+46705459454
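
The log line `server certificate does not match to '192.168.220.3'` is the EAP-PEAP client comparing the TLS server certificate against an expected server identity. The following is an added example, not part of the original post or of strongSwan's code: a simplified Python model of that comparison, showing why an IP-address identity cannot match a certificate that only carries a DNS name, and how the `aaa_identity` keyword of ipsec.conf changes the identity that is expected. The certificate contents and the name `vpn.example.test` are constructed assumptions.

```python
import ipaddress

def classify(identity):
    """Return (type, normalized value) for an identity string (simplified)."""
    try:
        return ("ip", str(ipaddress.ip_address(identity)))
    except ValueError:
        pass
    if "=" in identity:                      # e.g. "CN=..., O=..."
        return ("dn", identity.replace(" ", "").lower())
    if "@" in identity:
        return ("email", identity.lower())
    return ("dns", identity.rstrip(".").lower())

def cert_identities(cert):
    """Identities a certificate can be matched under: subject DN plus SANs."""
    return {classify(cert["subject"])} | {classify(s) for s in cert["san"]}

def expected_server_identity(ike_gateway_id, aaa_identity=None):
    """Without aaa_identity, the check falls back to the IKE gateway identity."""
    return aaa_identity or ike_gateway_id

def tls_server_check(cert, ike_gateway_id, aaa_identity=None):
    """Return (matched, identity that was expected)."""
    expected = expected_server_identity(ike_gateway_id, aaa_identity)
    return classify(expected) in cert_identities(cert), expected

# Constructed certificate contents (the real certificate is not shown in the post).
SERVER_CERT = {"subject": "CN=vpn.example.test, O=Example",
               "san": ["vpn.example.test"]}
GATEWAY_ID = "192.168.220.3"  # identity named in the log line

if __name__ == "__main__":
    for aaa in (None, "vpn.example.test"):
        ok, expected = tls_server_check(SERVER_CERT, GATEWAY_ID, aaa)
        result = "match" if ok else "no match"
        print(f"aaa_identity={aaa!r}: expected {expected!r} -> {result}")
```

In ipsec.conf the corresponding setting is an `aaa_identity=` line in the conn section, set to a name that actually appears in the server certificate.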


