Generally speaking, I would try to use the most up-to-date version of strongSwan just to rule out that a bug that is already fixed causes the problem. You could configure the source code with s.th. like
./configure --prefix=/home/michael/strongswan_playground/ If you run "make install" afterwards, it copies the files into this dedicated directory instead of overwriting the existing version of strongSwan. What's the CA of the certificate you installed on the Windows 7 box? Did you store that in /etc/ipsec.d/cacerts. Please run ipsec listcacerts and provide the output to us. Also, a more comprehensive log file would be helpful. -Daniel Wihsböck Michael wrote: > Hi, > > I'm using StrongSwan 4.2.4 (default in Debian 5.0) and tried to enable it to > accept Windows 7 IPSec-VPN connections as desribed on > http://wiki.strongswan.org/wiki/1/Windows7. I got it working that the > certificates are accepted correctly on windows 7 side but now the connection > establishment times out. > The only message I receive on the StrongSwan system is "Dec 28 18:06:39 > debian charon: 09[AUD] 188.23.82.145 is initiating an IKE_SA". In the Windows > 7 Connection Status and Log Information Page > (http://wiki.strongswan.org/wiki/strongswan/Win7Status) this message is > immediately followed by something like "sending cert request for "C=AT, ..." > but this message doesn't appear :( > > My ipsec.conf: > > config setup > plutostart=no > > conn windows7 > left=%defaultroute > leftcert=server3Cert.pem > leftsubnet=192.168.21.0/24 > right=%any > rightsourceip=192.168.1.0/24 > rightid="C=AT, ST=Wien, O=Company, OU=Department, CN=support, > e=em...@test.tld" > keyexchange=ikev2 > auto=add > > Is the used strongSwan version too old? _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
