Re: [strongSwan] StrongSwan 4.2.4 with Windows 7

Wed, 30 Dec 2009 05:23:15 -0800 

Hi Daniel,

thank you for your help. After switching to the newest strongswan release it 
works great.

Kind regards,
Michael

-----Original Message-----
From: Daniel Mentz [mailto:danielml+mailinglists.strongs...@sent.com] 
Sent: Tuesday, December 29, 2009 1:15 PM
To: Wihsböck Michael
Cc: users@lists.strongswan.org
Subject: Re: [strongSwan] StrongSwan 4.2.4 with Windows 7

Generally speaking, I would try to use the most up-to-date version of 
strongSwan just to rule out that a bug that is already fixed causes the 
problem.
You could configure the source code with s.th. like

./configure --prefix=/home/michael/strongswan_playground/

If you run "make install" afterwards, it copies the files into this 
dedicated directory instead of overwriting the existing version of 
strongSwan.

What's the CA of the certificate you installed on the Windows 7 box? Did 
you store that in /etc/ipsec.d/cacerts. Please run

ipsec listcacerts

and provide the output to us. Also, a more comprehensive log file would 
be helpful.

-Daniel

Wihsböck Michael wrote:
> Hi,
> 
> I'm using StrongSwan 4.2.4 (default in Debian 5.0) and tried to enable it to 
> accept Windows 7 IPSec-VPN connections as desribed on 
> http://wiki.strongswan.org/wiki/1/Windows7. I got it working that the 
> certificates are accepted correctly on windows 7 side but now the connection 
> establishment times out.
> The only message I receive on the StrongSwan system is "Dec 28 18:06:39 
> debian charon: 09[AUD] 188.23.82.145 is initiating an IKE_SA". In the Windows 
> 7 Connection Status and Log Information Page 
> (http://wiki.strongswan.org/wiki/strongswan/Win7Status) this message is 
> immediately followed by something like "sending cert request for "C=AT, ..." 
> but this message doesn't appear :(
> 
> My ipsec.conf:
> 
> config setup
>         plutostart=no
> 
> conn windows7
>         left=%defaultroute
>         leftcert=server3Cert.pem
>         leftsubnet=192.168.21.0/24
>         right=%any
>         rightsourceip=192.168.1.0/24
>         rightid="C=AT, ST=Wien, O=Company, OU=Department, CN=support, 
> e=em...@test.tld"
>         keyexchange=ikev2
>         auto=add
> 
> Is the used strongSwan version too old?

_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users

Reply via email to