[strongSwan] using strongswan to create eap-tls connection like windows 10
sacho.polo at gmail.com
Fri Feb 1 05:17:37 CET 2019
I am trying to create a test setup that will simulate a windows 10 client
connecting using eap-identity and certs. I am hitting an error that I
cannot figure out after running down the usual suspects. The same certs
used on a windows client works. I have copied my config below, and also the
error seen. I am hoping someone can point me in the right direction.
The error I see on the responder is
*signature verification failed, trying another key*
*no trusted certificate found for 'test-client' to verify TLS peer*
I have checked the following:
1. ca cert present on both sides in the cacert directory. They show up in
"ipsec stroke listcacerts" output on both sides.
2. client cert has proper key. The output of "ipsec stroke listcerts" shows
that the client crt has a private key. The private key is listed in the
3. The eap-identity appears in the DNS of the client cert.
I am using strongswan-5.1.2 . I must have messed up some config, but I
can't figure out what. I checked the certs and keys. What am I missing?
thanx in advance,
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users