Hello Noel,
Your certificate lacks a SAN field for your IP, so strongSwan defaults
back to the DN of the certificate. Generate a new certificate for the
server, which has that SAN field set. It is also advisable to set a SAN
field for the DNS name.
Sun, 2015-06-07 % 05[CFG] id '5.9.63.241' not confirmed by
certificate, defaulting to 'C=DE, ST=Niedersachsen, L=Hannover,
O=Privat, OU=StrongSwan, CN=vpn.bl4ckb0x.de, [email protected]'
Okay. I've fixed it. SAN fields with my IP are now in the certificate.
But it didn't change anything.
Furthermore, your "esp" and "ike" settings are wrong. Please set
them correctly. Refer to the man page for details.
I've set this now to:
esp=aes256-sha1!
ike=aes256-sha1-modp1024!
That should be okay for a start.
Also set fragmentation=yes, because you use certificates
and try setting the IKE proposal to secure values.
fragmentation=yes is already set.
I googled error 809 for Windows 8.1 and it means that the remote
server didn't respond.
Check intermediate and local firewalls to check if they allow outbound
IPsec traffic.
Well. How can I debug this specifically? My Linux router is set up with
iptables:
$IPTABLES --append INPUT --protocol 50 --jump ACCEPT
$IPTABLES --append INPUT --protocol 51 --jump ACCEPT
$IPTABLES --append INPUT --protocol udp --destination-port 500 --jump ACCEPT
$IPTABLES --append INPUT --protocol udp --destination-port 4500 --jump ACCEPT
Do I have to forward it explicitly to the Windows client behind the
router?
Conrad
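
An added example, not part of the original message or of strongSwan: a Python check that reads iptables rules in the form posted above and reports, per chain, which IPsec traffic types have no ACCEPT rule. It relies on the netfilter behaviour that INPUT only sees packets addressed to the router itself, while packets routed to a host behind it traverse FORWARD; the function and constant names are hypothetical.

```python
import shlex

# Rules as posted in the message above (line wraps joined).
POSTED_RULES = """\
$IPTABLES --append INPUT --protocol 50 --jump ACCEPT
$IPTABLES --append INPUT --protocol 51 --jump ACCEPT
$IPTABLES --append INPUT --protocol udp --destination-port 500 --jump ACCEPT
$IPTABLES --append INPUT --protocol udp --destination-port 4500 --jump ACCEPT
"""

# Traffic types the posted rules deal with: name -> (protocol, UDP port or None).
REQUIRED = {
    "IKE udp/500": ("udp", "500"),
    "NAT-T udp/4500": ("udp", "4500"),
    "ESP proto 50": ("esp", None),
    "AH proto 51": ("ah", None),
}
PROTO_ALIASES = {"50": "esp", "51": "ah", "17": "udp"}
OPTS = {"-A": "chain", "--append": "chain", "-p": "proto", "--protocol": "proto",
        "--dport": "dport", "--destination-port": "dport",
        "-j": "target", "--jump": "target"}

def parse_rule(line):
    """Pull chain, protocol, destination port and target out of one rule.
    Other match options (-s, -i, ...) are ignored, so a hit below means
    'an ACCEPT rule exists', not 'accepted unconditionally'."""
    rule = dict.fromkeys(("chain", "proto", "dport", "target"))
    tokens = shlex.split(line)
    for opt, value in zip(tokens, tokens[1:]):
        if opt in OPTS:
            rule[OPTS[opt]] = value
    rule["proto"] = PROTO_ALIASES.get(rule["proto"], rule["proto"])
    return rule

def missing_accepts(ruleset, chains=("INPUT", "FORWARD")):
    """Per chain, list the traffic types that no ACCEPT rule matches."""
    rules = [parse_rule(l) for l in ruleset.splitlines() if l.strip()]
    def covered(chain, proto, port):
        return any(r["chain"] == chain and r["target"] == "ACCEPT"
                   and r["proto"] in (proto, None, "all")
                   and r["dport"] in (port, None) for r in rules)
    return {chain: [name for name, (proto, port) in REQUIRED.items()
                    if not covered(chain, proto, port)] for chain in chains}

if __name__ == "__main__":
    for chain, gaps in missing_accepts(POSTED_RULES).items():
        print(chain, "missing:", ", ".join(gaps) or "nothing")
```

Rule order and any earlier DROP rules are not evaluated, so an empty list for a chain shows only that matching ACCEPT rules are present.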