[strongSwan] Upgrade to 5.6.3 breaks Windows 10

Christian Salway christian.salway at naimuri.com
Thu May 31 11:29:27 CEST 2018

Just updated strongSwan from 5.6.2 to 5.6.3 and now the certificate auth doesn’t work from Windows 10 (OSX works) with an IKE error.

IKE authentication credentials are unacceptable. The error code returned on failure is 13801.

The certificates are created as follows

openssl req -new -newkey rsa:4096 -sha384 -nodes \
-subj "/CN=vpnuser" \
-keyout private/vpnuser.key -out requests/vpnuser.csr

openssl ca -config openssl.cnf -create_serial -days 395 \
-keyfile private/ca.key -cert ca.crt -passin pass:"${CAKEYPSWD}" \
-in requests/vpnuser.csr -notext \
-extfile <(cat <<EOF
basicConstraints = CA:false
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
authorityInfoAccess = OCSP;URI:
keyUsage=digitalSignature, nonRepudiation
extendedKeyUsage = clientAuth
subjectAltName = DNS:vpnuser

Looking at the changleLog, there isn’t any obvious reason… https://wiki.strongswan.org/projects/strongswan/wiki/Changelog56 <https://wiki.strongswan.org/projects/strongswan/wiki/Changelog56>

Any ideas?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180531/7c06ec80/attachment.html>

More information about the Users mailing list