[Swan] StrongSwan connectivity problems IKEv2 (Android/Linux)
Paul Wouters
paul at nohats.ca
Wed Apr 25 15:27:53 UTC 2018
On Wed, 25 Apr 2018, bessonov.victor at e-queo.com wrote:
> Hello! It looks like there are some problems with StronSwan
> connectivity. (I've tried both on Android and Linux) Or I'm doing
> something wrong. I've set up everything as per instructions, I am able
> to connect from Windows 10 native client, but connecting from
> StrongSwan fails with logs like:
> "roadwarriors"[1] 188.233.186.70 #1: certificate verified OK:
> C=RU,ST=Volgograd oblast,L=Volgograd,O=eQueo IPSec,OU=IT Dept.,CN=j.doe
> "roadwarriors"[1] 188.233.186.70 #1: No matching subjectAltName found
> "roadwarriors"[1] 188.233.186.70 #1: certificate does not contain ID_IP
> subjectAltName=188.233.186.70
It looks like you configured strongswan to use an ID kind of IP, but are
missing the SubjectAltName for that IP inside the certificate.
You should be using the CN= or one of the DNS based SubjectAltName
entries of your certificate as the configured ID on strongswan.
Paul
More information about the Swan
mailing list