[strongSwan] Upgrade to 5.6.3 breaks Windows 10
Christian Salway
christian.salway at naimuri.com
Thu May 31 11:29:27 CEST 2018
Just updated strongSwan from 5.6.2 to 5.6.3 and now the certificate auth doesn’t work from Windows 10 (OSX works) with an IKE error.
IKE authentication credentials are unacceptable. The error code returned on failure is 13801.
The certificates are created as follows:
openssl req -new -newkey rsa:4096 -sha384 -nodes \
    -subj "/CN=vpnuser" \
    -keyout private/vpnuser.key -out requests/vpnuser.csr
openssl ca -config openssl.cnf -create_serial -days 395 \
    -keyfile private/ca.key -cert ca.crt -passin pass:"${CAKEYPSWD}" \
    -in requests/vpnuser.csr -notext \
    -extfile <(cat <<EOF
basicConstraints = CA:false
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
authorityInfoAccess = OCSP;URI:http://127.0.0.1:2560
keyUsage=digitalSignature, nonRepudiation
extendedKeyUsage = clientAuth
subjectAltName = DNS:vpnuser
EOF
)
Looking at the changelog, there isn’t any obvious reason… https://wiki.strongswan.org/projects/strongswan/wiki/Changelog56
Any ideas?
C