Issue #3434

Windows client error 13801 with Ubuntu 20.04 strongSwan server

Added by Derek Cameron 6 months ago. Updated 6 months ago.

Status: Closed
Priority: Normal
Category: pki
Affected version: 5.8.2
Resolution: Duplicate

Description

Attempting to connect from a Windows 10 client to an Ubuntu 20.04 strongSwan server results in Windows error 13801, "IKE authentication credentials are unacceptable."

It looks to me as though something has changed between Ubuntu 18.04 (strongSwan 5.6.2) and Ubuntu 20.04 (strongSwan 5.8.2) with respect to the certificates made with the ipsec pki tool.

To investigate, I imported both strongSwan 5.6.2 and strongSwan 5.8.2 server certificates into Windows. (This import is not necessary during normal operations. I did it purely to examine the server certificate from the Windows point of view.)

Windows marks the strongSwan 5.6.2 server certificate: "The certificate is intended for the following purposes: Ensures the identity of a remote computer; Allows secure communication on the Internet." In other words, serverAuth and ikeIntermediate.

But Windows marks the strongSwan 5.8.2 server certificate: "The certificate is not valid for the selected purpose."


Related issues

Is duplicate of Bug #3249: x509 plugin creates CA certificates with invalid Key Usage flags when compiling with GCC 9+ or clang 4+ (Closed)

History

#1 Updated by Tobias Brunner 6 months ago

  • Status changed from New to Closed
  • Assignee set to Tobias Brunner
  • Resolution set to Duplicate

> It looks to me as though something has changed between Ubuntu 18.04 (strongSwan 5.6.2) and Ubuntu 20.04 (strongSwan 5.8.2) with respect to the certificates made with the ipsec pki tool.

No, the problem is the update of GCC in Ubuntu 20.04, see #3249 for details.

#2 Updated by Tobias Brunner 6 months ago

  • Is duplicate of Bug #3249: x509 plugin creates CA certificates with invalid Key Usage flags when compiling with GCC 9+ or clang 4+ added
