[strongSwan] Difficulty connecting to windows server with linux strongswan client

joakim at verona.se joakim at verona.se
Fri Nov 17 22:02:44 CET 2017


I'm trying to use a ubuntu strongswan client to connect to a windows vpn
server. I'm a strongswan newbie. Also I'm not managing the windows
server, but the admin is pretty helpful.

The config is anonymized a bit. I tried a lot of different
configurations and this is just the latest one.

The idea is that first should psk be used, and then smartcard cert
should be used for the 2nd phase.

It seems that the psk phase works AFAICS, but then negotiation stops,
seemingly because the received cert doesnt match the ip or something.

The end of the log looks like:
12[ENC] parsed IKE_AUTH response 4 [ EAP/REQ/PEAP ]
12[TLS] negotiated TLS 1.2 using suite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
12[TLS] server certificate does not match to ''
12[TLS] sending fatal TLS alert 'access denied'
12[ENC] generating IKE_AUTH request 5 [ EAP/RES/PEAP ]

Is there some way around this? Is there some way to add an exception for
this certificate or something?

Mac clients are able to connect to the
same server as well as windows based clients.

The config.

config setup
	uniqueids = yes
	charondebug="ike 4, knl 4,cfg 4,lib 4,tls 4"
#	nat_traversal=yes

# Add connections here.
conn my-ipsec
     leftid=user at domain

Joakim Verona
joakim at verona.se

More information about the Users mailing list