Windows 10 connection to strongswan ipsec server fails with "IKE authentication credentials are unacceptable

windows vpn ipsec windows-10 strongswan
5,258

Turns out that the problem was with the intermediate Let's Encrypt certificate, despite it being included in my server's cert file. Putting it in /etc/ipsec.d/cacerts solved the problem.

Share:
5,258

Related videos on Youtube

Kayson
Author by

Kayson

Updated on September 18, 2022

Comments

  • Kayson
    Kayson over 1 year

    I'm trying to get a simple IPSEC/IKEv2 server set up with username/password (for now) on Ubuntu 18.04.

    I'm using Windows 10 Pro built in client, and the connection fails complaining about the IKE authentication credentials. The event log shows error 13801, which according to https://blogs.technet.microsoft.com/rrasblog/2009/08/12/troubleshooting-common-vpn-related-errors/ could be any one of

    • The machine certificate used for IKEv2 validation on RAS Server does not have 'Server Authentication' as the EKU (Enhanced Key Usage).
    • The machine certificate on RAS server has expired.
    • The root certificate to validate the RAS server certificate is not present on the client.
    • VPN Server Name as given on client doesn’t match with the subjectName of the server certificate.

    I'm using a full chain certificate from letsencrypt. I'm not sure how to check the certificate received on the windows side, but I exported the certificate via firefox (I'm using the same cert for an apache2 webserver) to take a look. In Enhanced Key Usage, I have Server Authentication (1.3.6.1.5.5.7.3.1). The Subject is CN = domain.com which is the same domain I'm connecting to (i.e. no subdomains). The cert chain goes to the root DST Root CA X3, which is in my Trusted Root Certification Authorities Store.

    My ipsec.conf is as follows:

    # ipsec.conf - strongSwan IPsec configuration file
config setup
   charondebug="cfg 2"

conn ikev2-vpn
    auto=add
    compress=no
    type=tunnel
    keyexchange=ikev2
    fragmentation=yes
    forceencaps=yes
    ike=aes256-sha1-modp1024,3des-sha1-modp1024!
    esp=aes256-sha1,3des-sha1!
    dpdaction=clear
    dpddelay=300s
    rekey=no
    left=%any
    [email protected]
    leftauth=pubkey
    leftcert=/etc/ssl/certs/domain.com.pem
    leftsendcert=always
    leftsubnet=0.0.0.0/0
    right=%any
    rightid=%any
    rightauth=eap-mschapv2
    rightdns=192.168.1.1
    rightsourceip=10.11.12.0/24
    rightsendcert=never
    eap_identity=%identity

    The log for this connection is as follows:

    Wed, 2018-07-04 17:20 00[DMN] Starting IKE charon daemon (strongSwan 5.6.2, Linux 4.15.0-23-generic, x86_64)
Wed, 2018-07-04 17:20 00[LIB] plugin 'aesni': loaded successfully
Wed, 2018-07-04 17:20 00[LIB] plugin 'aes': loaded successfully
Wed, 2018-07-04 17:20 00[LIB] plugin 'rc2': loaded successfully
Wed, 2018-07-04 17:20 00[LIB] plugin 'sha2': loaded successfully
Wed, 2018-07-04 17:20 00[LIB] plugin 'sha1': loaded successfully
Wed, 2018-07-04 17:20 00[LIB] plugin 'md4': loaded successfully
Wed, 2018-07-04 17:20 00[LIB] plugin 'md5': loaded successfully
Wed, 2018-07-04 17:20 00[LIB] plugin 'mgf1': loaded successfully
Wed, 2018-07-04 17:20 00[LIB] plugin 'random': loaded successfully
Wed, 2018-07-04 17:20 00[LIB] plugin 'nonce': loaded successfully
Wed, 2018-07-04 17:20 00[LIB] plugin 'x509': loaded successfully
Wed, 2018-07-04 17:20 00[LIB] plugin 'revocation': loaded successfully
Wed, 2018-07-04 17:20 00[LIB] plugin 'constraints': loaded successfully
Wed, 2018-07-04 17:20 00[LIB] plugin 'pubkey': loaded successfully
Wed, 2018-07-04 17:20 00[LIB] plugin 'pkcs1': loaded successfully
Wed, 2018-07-04 17:20 00[LIB] plugin 'pkcs7': loaded successfully
Wed, 2018-07-04 17:20 00[LIB] plugin 'pkcs8': loaded successfully
Wed, 2018-07-04 17:20 00[LIB] plugin 'pkcs12': loaded successfully
Wed, 2018-07-04 17:20 00[LIB] plugin 'pgp': loaded successfully
Wed, 2018-07-04 17:20 00[LIB] plugin 'dnskey': loaded successfully
Wed, 2018-07-04 17:20 00[LIB] plugin 'sshkey': loaded successfully
Wed, 2018-07-04 17:20 00[LIB] plugin 'pem': loaded successfully
Wed, 2018-07-04 17:20 00[LIB] plugin 'openssl': loaded successfully
Wed, 2018-07-04 17:20 00[LIB] plugin 'fips-prf': loaded successfully
Wed, 2018-07-04 17:20 00[LIB] plugin 'gmp': loaded successfully
Wed, 2018-07-04 17:20 00[LIB] plugin 'agent': loaded successfully
Wed, 2018-07-04 17:20 00[LIB] plugin 'xcbc': loaded successfully
Wed, 2018-07-04 17:20 00[LIB] plugin 'hmac': loaded successfully
Wed, 2018-07-04 17:20 00[LIB] plugin 'gcm': loaded successfully
Wed, 2018-07-04 17:20 00[LIB] plugin 'attr': loaded successfully
Wed, 2018-07-04 17:20 00[LIB] plugin 'kernel-netlink': loaded successfully
Wed, 2018-07-04 17:20 00[LIB] plugin 'resolve': loaded successfully
Wed, 2018-07-04 17:20 00[LIB] plugin 'socket-default': loaded successfully
Wed, 2018-07-04 17:20 00[LIB] plugin 'connmark': loaded successfully
Wed, 2018-07-04 17:20 00[LIB] plugin 'stroke': loaded successfully
Wed, 2018-07-04 17:20 00[LIB] plugin 'updown': loaded successfully
Wed, 2018-07-04 17:20 00[LIB] plugin 'eap-mschapv2': loaded successfully
Wed, 2018-07-04 17:20 00[LIB] plugin 'xauth-generic': loaded successfully
Wed, 2018-07-04 17:20 00[LIB] plugin 'counters': loaded successfully
Wed, 2018-07-04 17:20 00[KNL] known interfaces and IP addresses:
Wed, 2018-07-04 17:20 00[KNL]   lo
Wed, 2018-07-04 17:20 00[KNL]     127.0.0.1
Wed, 2018-07-04 17:20 00[KNL]     ::1
Wed, 2018-07-04 17:20 00[KNL]   enp1s0
Wed, 2018-07-04 17:20 00[KNL]     192.168.1.2
Wed, 2018-07-04 17:20 00[KNL]     fe80::428d:5cff:fe05:6216
Wed, 2018-07-04 17:20 00[LIB] feature PUBKEY:ED25519 in plugin 'pem' has unmet dependency: PUBKEY:ED25519
Wed, 2018-07-04 17:20 00[LIB] feature PUBKEY:BLISS in plugin 'pem' has unmet dependency: PUBKEY:BLISS
Wed, 2018-07-04 17:20 00[LIB] feature PUBKEY:DSA in plugin 'pem' has unmet dependency: PUBKEY:DSA
Wed, 2018-07-04 17:20 00[LIB] feature PRIVKEY:DSA in plugin 'pem' has unmet dependency: PRIVKEY:DSA
Wed, 2018-07-04 17:20 00[LIB] feature PRIVKEY:BLISS in plugin 'pem' has unmet dependency: PRIVKEY:BLISS
Wed, 2018-07-04 17:20 00[LIB] feature CERT_DECODE:OCSP_REQUEST in plugin 'pem' has unmet dependency: CERT_DECODE:OCSP_REQUEST
Wed, 2018-07-04 17:20 00[LIB] feature PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA3_224 in plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_224
Wed, 2018-07-04 17:20 00[LIB] feature PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA3_256 in plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_256
Wed, 2018-07-04 17:20 00[LIB] feature PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA3_384 in plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_384
Wed, 2018-07-04 17:20 00[LIB] feature PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA3_512 in plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_512
Wed, 2018-07-04 17:20 00[LIB] feature PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA3_224 in plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_224
Wed, 2018-07-04 17:20 00[LIB] feature PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA3_256 in plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_256
Wed, 2018-07-04 17:20 00[LIB] feature PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA3_384 in plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_384
Wed, 2018-07-04 17:20 00[LIB] feature PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA3_512 in plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_512
Wed, 2018-07-04 17:20 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Wed, 2018-07-04 17:20 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Wed, 2018-07-04 17:20 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Wed, 2018-07-04 17:20 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Wed, 2018-07-04 17:20 00[CFG] loading crls from '/etc/ipsec.d/crls'
Wed, 2018-07-04 17:20 00[CFG] loading secrets from '/etc/ipsec.secrets'
Wed, 2018-07-04 17:20 00[CFG]   loaded RSA private key from '/etc/ssl/private/strongswan.key'
Wed, 2018-07-04 17:20 00[CFG]   loaded EAP secret for aram %any%
Wed, 2018-07-04 17:20 00[LIB] loaded plugins: charon aesni aes rc2 sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke updown eap-mschapv2 xauth-generic counters
Wed, 2018-07-04 17:20 00[LIB] unable to load 14 plugin features (14 due to unmet dependencies)
Wed, 2018-07-04 17:20 00[LIB] dropped capabilities, running as uid 0, gid 0
Wed, 2018-07-04 17:20 00[JOB] spawning 16 worker threads
Wed, 2018-07-04 17:20 01[LIB] created thread 01 [24678]
Wed, 2018-07-04 17:20 04[LIB] created thread 04 [24680]
Wed, 2018-07-04 17:20 06[LIB] created thread 06 [24681]
Wed, 2018-07-04 17:20 11[LIB] created thread 11 [24686]
Wed, 2018-07-04 17:20 12[LIB] created thread 12 [24688]
Wed, 2018-07-04 17:20 13[LIB] created thread 13 [24687]
Wed, 2018-07-04 17:20 05[LIB] created thread 05 [24683]
Wed, 2018-07-04 17:20 14[LIB] created thread 14 [24689]
Wed, 2018-07-04 17:20 08[LIB] created thread 08 [24684]
Wed, 2018-07-04 17:20 16[LIB] created thread 16 [24691]
Wed, 2018-07-04 17:20 10[LIB] created thread 10 [24685]
Wed, 2018-07-04 17:20 02[LIB] created thread 02 [24676]
Wed, 2018-07-04 17:20 07[LIB] created thread 07 [24679]
Wed, 2018-07-04 17:20 03[LIB] created thread 03 [24677]
Wed, 2018-07-04 17:20 09[LIB] created thread 09 [24682]
Wed, 2018-07-04 17:20 15[LIB] created thread 15 [24690]
Wed, 2018-07-04 17:20 03[CFG] received stroke: add connection 'ikev2-vpn'
Wed, 2018-07-04 17:20 03[CFG] conn ikev2-vpn
Wed, 2018-07-04 17:20 03[CFG]   left=%any
Wed, 2018-07-04 17:20 03[CFG]   leftsubnet=0.0.0.0/0
Wed, 2018-07-04 17:20 03[CFG]   leftauth=pubkey
Wed, 2018-07-04 17:20 03[CFG]   [email protected]
Wed, 2018-07-04 17:20 03[CFG]   leftcert=/etc/ssl/certs/domain.com.pem
Wed, 2018-07-04 17:20 03[CFG]   right=%any
Wed, 2018-07-04 17:20 03[CFG]   rightsourceip=10.11.12.0/24
Wed, 2018-07-04 17:20 03[CFG]   rightdns=192.168.1.1
Wed, 2018-07-04 17:20 03[CFG]   rightauth=eap-mschapv2
Wed, 2018-07-04 17:20 03[CFG]   rightid=%any
Wed, 2018-07-04 17:20 03[CFG]   eap_identity=%identity
Wed, 2018-07-04 17:20 03[CFG]   ike=aes256-sha1-modp1024,3des-sha1-modp1024!
Wed, 2018-07-04 17:20 03[CFG]   esp=aes256-sha1,3des-sha1!
Wed, 2018-07-04 17:20 03[CFG]   dpddelay=300
Wed, 2018-07-04 17:20 03[CFG]   dpdtimeout=150
Wed, 2018-07-04 17:20 03[CFG]   dpdaction=1
Wed, 2018-07-04 17:20 03[CFG]   sha256_96=no
Wed, 2018-07-04 17:20 03[CFG]   mediation=no
Wed, 2018-07-04 17:20 03[CFG]   keyexchange=ikev2
Wed, 2018-07-04 17:20 03[CFG] adding virtual IP address pool 10.11.12.0/24
Wed, 2018-07-04 17:20 03[CFG]   loaded certificate "CN=domain.com" from '/etc/ssl/certs/domain.com.pem'
Wed, 2018-07-04 17:20 03[CFG] added configuration 'ikev2-vpn'
Wed, 2018-07-04 17:20 02[NET] <1> received packet: from 142.68.61.15[500] to 192.168.1.2[500] (616 bytes)
Wed, 2018-07-04 17:20 02[ENC] <1> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) V V V V ]
Wed, 2018-07-04 17:20 02[CFG] <1> looking for an ike config for 192.168.1.2...142.68.61.15
Wed, 2018-07-04 17:20 02[CFG] <1>   candidate: %any...%any, prio 28
Wed, 2018-07-04 17:20 02[CFG] <1> found matching ike config: %any...%any with prio 28
Wed, 2018-07-04 17:20 02[IKE] <1> received MS NT5 ISAKMPOAKLEY v9 vendor ID
Wed, 2018-07-04 17:20 02[IKE] <1> received MS-Negotiation Discovery Capable vendor ID
Wed, 2018-07-04 17:20 02[IKE] <1> received Vid-Initial-Contact vendor ID
Wed, 2018-07-04 17:20 02[ENC] <1> received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02
Wed, 2018-07-04 17:20 02[IKE] <1> 142.68.61.15 is initiating an IKE_SA
Wed, 2018-07-04 17:20 02[IKE] <1> IKE_SA (unnamed)[1] state change: CREATED => CONNECTING
Wed, 2018-07-04 17:20 02[CFG] <1> selecting proposal:
Wed, 2018-07-04 17:20 02[CFG] <1>   no acceptable ENCRYPTION_ALGORITHM found
Wed, 2018-07-04 17:20 02[CFG] <1> selecting proposal:
Wed, 2018-07-04 17:20 02[CFG] <1>   proposal matches
Wed, 2018-07-04 17:20 02[CFG] <1> received proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024
Wed, 2018-07-04 17:20 02[CFG] <1> configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Wed, 2018-07-04 17:20 02[CFG] <1> selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Wed, 2018-07-04 17:20 02[LIB] <1> size of DH secret exponent: 1023 bits
Wed, 2018-07-04 17:20 02[IKE] <1> local host is behind NAT, sending keep alives
Wed, 2018-07-04 17:20 02[IKE] <1> remote host is behind NAT
Wed, 2018-07-04 17:20 02[ENC] <1> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
Wed, 2018-07-04 17:20 02[NET] <1> sending packet: from 192.168.1.2[500] to 142.68.61.15[500] (312 bytes)
Wed, 2018-07-04 17:20 13[NET] <1> received packet: from 142.68.61.15[4500] to 192.168.1.2[4500] (1452 bytes)
Wed, 2018-07-04 17:20 13[ENC] <1> parsed IKE_AUTH request 1 [ IDi CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV ADDR6 DNS6 SRV6) SA TSi TSr ]
Wed, 2018-07-04 17:20 13[IKE] <1> received cert request for unknown ca with keyid 73:68:b1:9a:19:83:cc:4b:37:b3:45:44:5d:ef:a5:45:46:ee:ff:a4
Wed, 2018-07-04 17:20 13[IKE] <1> received cert request for unknown ca with keyid 0e:ac:82:60:40:56:27:97:e5:25:13:fc:2a:e1:0a:53:95:59:e4:a4
Wed, 2018-07-04 17:20 13[IKE] <1> received cert request for unknown ca with keyid f8:16:51:3c:fd:1b:44:9f:2e:6b:28:a1:97:22:1f:b8:1f:51:4e:3c
Wed, 2018-07-04 17:20 13[IKE] <1> received cert request for unknown ca with keyid dd:bc:bd:86:9c:3f:07:ed:40:e3:1b:08:ef:ce:c4:d1:88:cd:3b:15
Wed, 2018-07-04 17:20 13[IKE] <1> received cert request for unknown ca with keyid 4a:5c:75:22:aa:46:bf:a4:08:9d:39:97:4e:bd:b4:a3:60:f7:a0:1d
Wed, 2018-07-04 17:20 13[IKE] <1> received cert request for unknown ca with keyid 5c:b8:69:fe:8d:ef:c1:ed:66:27:ee:b2:12:0f:72:1b:b8:0a:0e:04
Wed, 2018-07-04 17:20 13[IKE] <1> received cert request for unknown ca with keyid 6a:47:a2:67:c9:2e:2f:19:68:8b:9b:86:61:66:95:ed:c1:2c:13:00
Wed, 2018-07-04 17:20 13[IKE] <1> received cert request for unknown ca with keyid 01:f0:33:4c:1a:a1:d9:ee:5b:7b:a9:de:43:bc:02:7d:57:09:33:fb
Wed, 2018-07-04 17:20 13[IKE] <1> received cert request for unknown ca with keyid b7:95:e9:ff:7d:9c:f0:b1:62:4f:a1:c8:f6:0b:e6:37:20:12:b9:e5
Wed, 2018-07-04 17:20 13[IKE] <1> received cert request for unknown ca with keyid 1b:e3:ae:ad:0f:c1:1d:d0:15:5b:2d:1d:c5:19:13:71:a4:63:95:5b
Wed, 2018-07-04 17:20 13[IKE] <1> received cert request for unknown ca with keyid 3c:a2:80:2a:31:80:fd:5b:a6:12:86:fb:55:3a:77:ba:e8:0c:12:ad
Wed, 2018-07-04 17:20 13[IKE] <1> received cert request for unknown ca with keyid 88:a9:5a:ef:c0:84:fc:13:74:41:6b:b1:63:32:c2:cf:92:59:bb:3b
Wed, 2018-07-04 17:20 13[IKE] <1> received cert request for unknown ca with keyid 34:4f:30:2d:25:69:31:91:ea:f7:73:5c:ab:f5:86:8d:37:82:40:ec
Wed, 2018-07-04 17:20 13[IKE] <1> received cert request for unknown ca with keyid 3e:df:29:0c:c1:f5:cc:73:2c:eb:3d:24:e1:7e:52:da:bd:27:e2:f0
Wed, 2018-07-04 17:20 13[IKE] <1> received cert request for unknown ca with keyid ab:76:88:f4:e5:e1:38:c9:e9:50:17:cd:cd:b3:18:17:b3:3e:8c:f5
Wed, 2018-07-04 17:20 13[IKE] <1> received cert request for unknown ca with keyid da:ed:64:74:14:9c:14:3c:ab:dd:99:a9:bd:5b:28:4d:8b:3c:c9:d8
Wed, 2018-07-04 17:20 13[IKE] <1> received cert request for unknown ca with keyid 5e:8c:53:18:22:60:1d:56:71:d6:6a:a0:cc:64:a0:60:07:43:d5:a8
Wed, 2018-07-04 17:20 13[IKE] <1> received cert request for unknown ca with keyid 86:26:cb:1b:c5:54:b3:9f:bd:6b:ed:63:7f:b9:89:a9:80:f1:f4:8a
Wed, 2018-07-04 17:20 13[IKE] <1> received cert request for unknown ca with keyid c0:7a:98:68:8d:89:fb:ab:05:64:0c:11:7d:aa:7d:65:b8:ca:cc:4e
Wed, 2018-07-04 17:20 13[IKE] <1> received cert request for unknown ca with keyid a8:e3:02:96:70:a6:8b:57:eb:ec:ef:cc:29:4e:91:74:9a:d4:92:38
Wed, 2018-07-04 17:20 13[IKE] <1> received cert request for unknown ca with keyid b5:99:33:43:ac:a2:17:c5:08:ba:88:8c:a6:92:7e:26:b3:0f:87:a9
Wed, 2018-07-04 17:20 13[IKE] <1> received cert request for unknown ca with keyid f7:93:19:ef:df:c1:f5:20:fb:ac:85:55:2c:f2:d2:8f:5a:b9:ca:0b
Wed, 2018-07-04 17:20 13[IKE] <1> received cert request for unknown ca with keyid 30:a4:e6:4f:de:76:8a:fc:ed:5a:90:84:28:30:46:79:2c:29:15:70
Wed, 2018-07-04 17:20 13[IKE] <1> received cert request for unknown ca with keyid 48:e6:68:f9:2b:d2:b2:95:d7:47:d8:23:20:10:4f:33:98:90:9f:d4
Wed, 2018-07-04 17:20 13[IKE] <1> received cert request for unknown ca with keyid 73:97:82:ea:b4:04:16:6e:25:d4:82:3c:37:db:f8:a8:12:fb:cf:26
Wed, 2018-07-04 17:20 13[IKE] <1> received cert request for unknown ca with keyid 69:9f:1b:7a:e9:b8:da:18:49:6c:60:8b:ce:4f:4e:aa:f9:f0:b7:aa
Wed, 2018-07-04 17:20 13[IKE] <1> received cert request for unknown ca with keyid 69:c4:27:db:59:69:68:18:47:e2:52:17:0a:e0:e5:7f:ab:9d:ef:0f
Wed, 2018-07-04 17:20 13[IKE] <1> received cert request for unknown ca with keyid ba:42:b0:81:88:53:88:1d:86:63:bd:4c:c0:5e:08:fe:ea:6e:bb:77
Wed, 2018-07-04 17:20 13[IKE] <1> received cert request for unknown ca with keyid 87:db:d4:5f:b0:92:8d:4e:1d:f8:15:67:e7:f2:ab:af:d6:2b:67:75
Wed, 2018-07-04 17:20 13[IKE] <1> received cert request for unknown ca with keyid 6e:58:4e:33:75:bd:57:f6:d5:42:1b:16:01:c2:d8:c0:f5:3a:9f:6e
Wed, 2018-07-04 17:20 13[IKE] <1> received cert request for unknown ca with keyid 4a:81:0c:de:f0:c0:90:0f:19:06:42:31:35:a2:a2:8d:d3:44:fd:08
Wed, 2018-07-04 17:20 13[IKE] <1> received cert request for unknown ca with keyid d5:2e:13:c1:ab:e3:49:da:e8:b4:95:94:ef:7c:38:43:60:64:66:bd
Wed, 2018-07-04 17:20 13[IKE] <1> received cert request for unknown ca with keyid 59:79:12:de:61:75:d6:6f:c4:23:b7:77:13:74:c7:96:de:6f:88:72
Wed, 2018-07-04 17:20 13[IKE] <1> received cert request for unknown ca with keyid 6c:ca:bd:7d:b4:7e:94:a5:75:99:01:b6:a7:df:d4:5d:1c:09:1c:cc
Wed, 2018-07-04 17:20 13[IKE] <1> received cert request for unknown ca with keyid ab:30:d3:af:4b:d8:f1:6b:58:69:ee:45:69:29:da:84:b8:73:94:88
Wed, 2018-07-04 17:20 13[IKE] <1> received cert request for unknown ca with keyid 42:32:b6:16:fa:04:fd:fe:5d:4b:7a:c3:fd:f7:4c:40:1d:5a:43:af
Wed, 2018-07-04 17:20 13[IKE] <1> received cert request for unknown ca with keyid a5:06:8a:78:cf:84:bd:74:32:dd:58:f9:65:eb:3a:55:e7:c7:80:dc
Wed, 2018-07-04 17:20 13[IKE] <1> received cert request for unknown ca with keyid e2:7f:7b:d8:77:d5:df:9e:0a:3f:9e:b4:cb:0e:2e:a9:ef:db:69:77
Wed, 2018-07-04 17:20 13[IKE] <1> received cert request for unknown ca with keyid 5f:f3:24:6c:8f:91:24:af:9b:5f:3e:b0:34:6a:f4:2d:5c:a8:5d:cc
Wed, 2018-07-04 17:20 13[IKE] <1> received cert request for unknown ca with keyid 6d:aa:9b:09:87:c4:d0:d4:22:ed:40:07:37:4d:19:f1:91:ff:de:d3
Wed, 2018-07-04 17:20 13[IKE] <1> received cert request for unknown ca with keyid 83:31:7e:62:85:42:53:d6:d7:78:31:90:ec:91:90:56:e9:91:b9:e3
Wed, 2018-07-04 17:20 13[IKE] <1> received cert request for unknown ca with keyid 7e:95:9f:ed:82:8e:2a:ed:c3:7c:0d:05:46:31:ef:53:97:cd:48:49
Wed, 2018-07-04 17:20 13[IKE] <1> received cert request for unknown ca with keyid 39:e8:80:35:f8:a2:05:a0:08:b4:cd:e9:d8:ca:67:29:22:2e:7e:9b
Wed, 2018-07-04 17:20 13[IKE] <1> received cert request for unknown ca with keyid 3e:22:d4:2c:1f:02:44:b8:04:10:65:61:7c:c7:6b:ae:da:87:29:9c
Wed, 2018-07-04 17:20 13[IKE] <1> received cert request for unknown ca with keyid 55:e4:81:d1:11:80:be:d8:89:b9:08:a3:31:f9:a1:24:09:16:b9:70
Wed, 2018-07-04 17:20 13[IKE] <1> received cert request for unknown ca with keyid b1:81:08:1a:19:a4:c0:94:1f:fa:e8:95:28:c1:24:c9:9b:34:ac:c7
Wed, 2018-07-04 17:20 13[IKE] <1> received cert request for unknown ca with keyid 21:0f:2c:89:f7:c4:cd:5d:1b:82:5e:38:d6:c6:59:3b:a6:93:75:ae
Wed, 2018-07-04 17:20 13[IKE] <1> received cert request for unknown ca with keyid 23:4b:71:25:56:13:e1:30:dd:e3:42:69:c9:cc:30:d4:6f:08:41:e0
Wed, 2018-07-04 17:20 13[IKE] <1> received cert request for unknown ca with keyid bb:c2:3e:29:0b:b3:28:77:1d:ad:3e:a2:4d:bd:f4:23:bd:06:b0:3d
Wed, 2018-07-04 17:20 13[IKE] <1> received cert request for unknown ca with keyid b0:19:89:e7:ef:fb:4a:af:cb:14:8f:58:46:39:76:22:41:50:e1:ba
Wed, 2018-07-04 17:20 13[IKE] <1> received cert request for unknown ca with keyid ee:e5:9f:1e:2a:a5:44:c3:cb:25:43:a6:9a:5b:d4:6a:25:bc:bb:8e
Wed, 2018-07-04 17:20 13[IKE] <1> received cert request for unknown ca with keyid 67:ec:9f:90:2d:cd:64:ae:fe:7e:bc:cd:f8:8c:51:28:f1:93:2c:12
Wed, 2018-07-04 17:20 13[IKE] <1> received cert request for unknown ca with keyid 17:4a:b8:2b:5f:fb:05:67:75:27:ad:49:5a:4a:5d:c4:22:cc:ea:4e
Wed, 2018-07-04 17:20 13[IKE] <1> received cert request for unknown ca with keyid 68:33:0e:61:35:85:21:59:29:83:a3:c8:d2:d2:e1:40:6e:7a:b3:c1
Wed, 2018-07-04 17:20 13[IKE] <1> received cert request for unknown ca with keyid 9c:a9:8d:00:af:74:0d:dd:81:80:d2:13:45:a5:8b:8f:2e:94:38:d6
Wed, 2018-07-04 17:20 13[IKE] <1> received cert request for unknown ca with keyid 4f:9c:7d:21:79:9c:ad:0e:d8:b9:0c:57:9f:1a:02:99:e7:90:f3:87
Wed, 2018-07-04 17:20 13[IKE] <1> received 56 cert requests for an unknown ca
Wed, 2018-07-04 17:20 13[CFG] <1> looking for peer configs matching 192.168.1.2[%any]...142.68.61.15[192.168.1.133]
Wed, 2018-07-04 17:20 13[CFG] <1>   candidate "ikev2-vpn", match: 1/1/28 (me/other/ike)
Wed, 2018-07-04 17:20 13[CFG] <ikev2-vpn|1> selected peer config 'ikev2-vpn'
Wed, 2018-07-04 17:20 13[IKE] <ikev2-vpn|1> EAP-Identity request configured, but not supported
Wed, 2018-07-04 17:20 13[IKE] <ikev2-vpn|1> initiating EAP_MSCHAPV2 method (id 0x52)
Wed, 2018-07-04 17:20 13[IKE] <ikev2-vpn|1> processing INTERNAL_IP4_ADDRESS attribute
Wed, 2018-07-04 17:20 13[IKE] <ikev2-vpn|1> processing INTERNAL_IP4_DNS attribute
Wed, 2018-07-04 17:20 13[IKE] <ikev2-vpn|1> processing INTERNAL_IP4_NBNS attribute
Wed, 2018-07-04 17:20 13[IKE] <ikev2-vpn|1> processing INTERNAL_IP4_SERVER attribute
Wed, 2018-07-04 17:20 13[IKE] <ikev2-vpn|1> processing INTERNAL_IP6_ADDRESS attribute
Wed, 2018-07-04 17:20 13[IKE] <ikev2-vpn|1> processing INTERNAL_IP6_DNS attribute
Wed, 2018-07-04 17:20 13[IKE] <ikev2-vpn|1> processing INTERNAL_IP6_SERVER attribute
Wed, 2018-07-04 17:20 13[IKE] <ikev2-vpn|1> peer supports MOBIKE
Wed, 2018-07-04 17:20 13[IKE] <ikev2-vpn|1> authentication of 'domain.com' (myself) with RSA signature successful
Wed, 2018-07-04 17:20 13[IKE] <ikev2-vpn|1> sending end entity cert "CN=domain.com"
Wed, 2018-07-04 17:20 13[ENC] <ikev2-vpn|1> generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/MSCHAPV2 ]
Wed, 2018-07-04 17:20 13[NET] <ikev2-vpn|1> sending packet: from 192.168.1.2[4500] to 142.68.61.15[4500] (2460 bytes)
Wed, 2018-07-04 17:20 05[IKE] <ikev2-vpn|1> sending keep alive to 142.68.61.15[4500]
Wed, 2018-07-04 17:20 14[JOB] <ikev2-vpn|1> deleting half open IKE_SA with 142.68.61.15 after timeout
Wed, 2018-07-04 17:20 14[IKE] <ikev2-vpn|1> IKE_SA ikev2-vpn[1] state change: CONNECTING => DESTROYING

    Any help would be greatly appreciated!

  • Zalán Meggyesi
    Zalán Meggyesi over 5 years
    How did you reach this conclusion? I'm getting the same error in a similar setup, but with the intermediate already in place, and I want to debug it, but I can't get usable debug output from Windows...
  • Kayson
    Kayson over 5 years
    I think I used the strongswan app on android which has more useful logging. I believe it said something in the logs

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Enable IKE tracing on windows 10 VPN
Remote uninstall software via powershell
Setting VPN domain Windows 10
1723 port isn't opened after setting up an incoming connection on Windows 10
Where can I find/store L2TP presharedkey for a Pbk vpn (windows 10)
Can't connect to L2TP IPsec VPN from Windows 10 but it works with macOS High Sierra
Windows Remote Access Service Error - NetExtender SonicWall - Windows 10
Specify VPN port in windows 10, "Edit VPN Connection"
L2TP/IPsec VPN fails to connect on Windows 10 - Works fine on iOS
Setting-up Windows Server 2003 as an L2TP/IPSEC VPN server