Hi Robert, I have been using strongSwan and Nokia VPN Client with certs for years now. Sometime the configuration has been bit tricky, but so far I have always been able to get it work at the end.
My default check list with certs is: 1. In the phone VPN settings find the poliview and check the certificate status from the policy details. It should show something like "ok". 2. Check that the certificates uses SHA-1 as the signature algorithm. (I guess md5 would also work, but I have not tested. I have had problems with SHA 256 and SHA 512) 3. The used key sizes should be 1024 or 2048 4. Subject name and issuer name should contain only most common components like: CN, OU, O, L and C. Regards, Simo Quoting Robert Markula <robert.mark...@gmx.net>: > Hi Simo, > > sberg...@cc.hut.fi wrote: >> Hi, >> >> It has been a while since I tested Nokia VPN with S60 3.1 phone, but >> back then I was able to get it work. >> >> In this kind of situation, there are few steps I would do: >> First I would download the latest versions of the Nokia mobile VPN >> client and the policy tool from: >> http://europe.nokia.com/support/download-software/nokia-mobile-vpn >> >> And then I would try to narrow down the problem by first trying to get >> the configuration work with simple PSK authentication. When this is >> working I would go on and try to get the certs to work. Symbian phones >> has been known to be bit picky about the certs. So this way you might >> be able to isolate the problem a bit and then figure out some work >> around. > > Good idea, I just tested it - the PSK authentication works flawlessly. > But as soon as RSA is involved, the phone's VPN client (I use the latest > version) is deaf. > > Some posts on the internet (e.g. [1]) suggest that RSA auth doesn't work > with the Nokia VPN Client and *swan. However, I find that a bit hard to > believe, hence my call for help here in this newsgroup. > Hmm... some more ideas? Oh, and if you happen to stumble upon your > working config that you used some time ago, I wouldn't mind if you'd > share this somehow :-) > > Cheers, > Robert > > [1] http://wiki.paepstin.info/nokia:vpn > _______________________________________________ > Users mailing list > Users@lists.strongswan.org > https://lists.strongswan.org/mailman/listinfo/users > _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
