strongswan and Windows 10

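We are trying to set up a strongswan VPN server on an Ubuntu 18.04.2 Server installation. The setup itself works (i.e., another Ubuntu device can connect to it), but from Windows 10 I get an IKE authentication error. The event log shows error 13801.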

The strongswan configuration and installation were taken from here

When trying to access it from Windows 10, it shows an authentication error. Syslog from the VPN server (local network):

Jun 12 14:28:45 testcontainer charon: 12[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) V V V V ]
Jun 12 14:28:45 testcontainer charon: 12[IKE] received MS NT5 ISAKMPOAKLEY v9 vendor ID
Jun 12 14:28:45 testcontainer charon: 12[IKE] received MS-Negotiation Discovery Capable vendor ID
Jun 12 14:28:45 testcontainer charon: 12[IKE] received Vid-Initial-Contact vendor ID
Jun 12 14:28:45 testcontainer charon: 12[ENC] received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02
Jun 12 14:28:45 testcontainer charon: 12[IKE] 172.16.20.13 is initiating an IKE_SA
Jun 12 14:28:45 testcontainer charon: 12[IKE] IKE_SA (unnamed)[1] state change: CREATED => CONNECTING
Jun 12 14:28:45 testcontainer charon: 12[IKE] faking NAT situation to enforce UDP encapsulation
Jun 12 14:28:45 testcontainer charon: 12[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(MULT_AUTH) ]
Jun 12 14:28:45 testcontainer charon: 12[NET] sending packet: from 172.16.20.131[500] to 172.16.20.13[500] (448 bytes)
Jun 12 14:28:45 testcontainer charon: 13[NET] received packet: from 172.16.20.13[4500] to 172.16.20.131[4500] (576 bytes)
Jun 12 14:28:45 testcontainer charon: 13[ENC] parsed IKE_AUTH request 1 [ EF(1/3) ]
Jun 12 14:28:45 testcontainer charon: 13[ENC] received fragment #1 of 3, waiting for complete IKE message
Jun 12 14:28:45 testcontainer charon: 14[NET] received packet: from 172.16.20.13[4500] to 172.16.20.131[4500] (576 bytes)
Jun 12 14:28:45 testcontainer ipsec[1743]: 00[DMN] Starting IKE charon daemon (strongSwan 5.6.2, Linux 4.15.0-51-generic, x86_64)
Jun 12 14:28:45 testcontainer ipsec[1743]: 00[CFG] PKCS11 module '<name>' lacks library path
Jun 12 14:28:45 testcontainer ipsec[1743]: 00[CFG] disabling load-tester plugin, not configured
Jun 12 14:28:45 testcontainer ipsec[1743]: 00[LIB] plugin 'load-tester': failed to load - load_tester_plugin_create returned NULL
Jun 12 14:28:45 testcontainer ipsec[1743]: 00[KNL] known interfaces and IP addresses:
Jun 12 14:28:45 testcontainer ipsec[1743]: 00[KNL]   lo
Jun 12 14:28:45 testcontainer ipsec[1743]: 00[KNL]     127.0.0.1
Jun 12 14:28:45 testcontainer ipsec[1743]: 00[KNL]     ::1
Jun 12 14:28:45 testcontainer ipsec[1743]: 00[KNL]   ens3
Jun 12 14:28:45 testcontainer ipsec[1743]: 00[KNL]     172.16.20.131
Jun 12 14:28:45 testcontainer ipsec[1743]: 00[KNL]     fe80::5054:ff:fe8f:3b78
Jun 12 14:28:45 testcontainer ipsec[1743]: 00[CFG] dnscert plugin is disabled
Jun 12 14:28:45 testcontainer ipsec[1743]: 00[CFG] ipseckey plugin is disabled
Jun 12 14:28:45 testcontainer ipsec[1743]: 00[CFG] attr-sql plugin: database URI not set
Jun 12 14:28:45 testcontainer ipsec[1743]: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Jun 12 14:28:45 testcontainer ipsec[1743]: 00[CFG]   loaded ca certificate "CN=172.16.20.131" from '/etc/ipsec.d/cacerts/ca-cert.pem'
Jun 12 14:28:45 testcontainer ipsec[1743]: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Jun 12 14:28:45 testcontainer ipsec[1743]: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Jun 12 14:28:45 testcontainer ipsec[1743]: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Jun 12 14:28:45 testcontainer ipsec[1743]: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Jun 12 14:28:45 testcontainer ipsec[1743]: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Jun 12 14:28:45 testcontainer ipsec[1743]: 00[CFG]   loaded RSA private key from '/etc/ipsec.d/private/server-key.pem'
Jun 12 14:28:45 testcontainer ipsec[1743]: 00[CFG]   loaded EAP secret for aroth
Jun 12 14:28:45 testcontainer ipsec[1743]: 00[CFG] sql plugin: database URI not set
Jun 12 14:28:45 testcontainer ipsec[1743]: 00[CFG] opening triplet file /etc/ipsec.d/triplets.dat failed: No such file or directory
Jun 12 14:28:45 testcontainer ipsec[1743]: 00[CFG] eap-simaka-sql database URI missing
Jun 12 14:28:45 testcontainer ipsec[1743]: 00[CFG] loaded 0 RADIUS server configurations
Jun 12 14:28:45 testcontainer ipsec[1743]: 00[CFG] HA config misses local/remote address
Jun 12 14:28:45 testcontainer ipsec[1743]: 00[CFG] no threshold configured for systime-fix, disabled
Jun 12 14:28:45 testcontainer ipsec[1743]: 00[CFG] coupling file path unspecified
Jun 12 14:28:45 testcontainer charon: 14[ENC] parsed IKE_AUTH request 1 [ EF(2/3) ]
Jun 12 14:28:45 testcontainer ipsec[1743]: 00[LIB] loaded plugins: charon test-vectors unbound ldap pkcs11 tpm aes rc2 sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constraints acert pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey dnscert ipseckey pem openssl gcrypt af-alg fips-prf gmp curve25519 agent chapoly xcbc cmac hmac ctr ccm gcm ntru bliss curl soup mysql sqlite attr kernel-netlink resolve socket-default connmark farp stroke updown eap-identity eap-sim eap-sim-pcsc eap-aka eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-gtc eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap eap-tnc xauth-generic xauth-eap xauth-pam xauth-noauth tnc-tnccs tnccs-20 tnccs-11 tnccs-dynamic dhcp whitelist lookip error-notify certexpire led radattr addrblock unity counters
Jun 12 14:28:45 testcontainer ipsec[1743]: 00[LIB] dropped capabilities, running as uid 0, gid 0
Jun 12 14:28:45 testcontainer ipsec[1743]: 00[JOB] spawning 16 worker threads
Jun 12 14:28:45 testcontainer ipsec[1743]: 05[CFG] received stroke: add connection 'ikev2-vpn'
Jun 12 14:28:45 testcontainer ipsec[1743]: 05[CFG] adding virtual IP address pool 10.10.10.0/24
Jun 12 14:28:45 testcontainer ipsec[1743]: 05[CFG]   loaded certificate "CN=172.16.20.131" from 'server-cert.pem'
Jun 12 14:28:45 testcontainer ipsec[1743]: 05[CFG] added configuration 'ikev2-vpn'
Jun 12 14:28:45 testcontainer ipsec[1743]: 12[NET] received packet: from 172.16.20.13[500] to 172.16.20.131[500] (632 bytes)
Jun 12 14:28:45 testcontainer ipsec[1743]: 12[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) V V V V ]
Jun 12 14:28:45 testcontainer ipsec[1743]: 12[IKE] received MS NT5 ISAKMPOAKLEY v9 vendor ID
Jun 12 14:28:45 testcontainer ipsec[1743]: 12[IKE] received MS-Negotiation Discovery Capable vendor ID
Jun 12 14:28:45 testcontainer ipsec[1743]: 12[IKE] received Vid-Initial-Contact vendor ID
Jun 12 14:28:45 testcontainer ipsec[1743]: 12[ENC] received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02
Jun 12 14:28:45 testcontainer ipsec[1743]: 12[IKE] 172.16.20.13 is initiating an IKE_SA
Jun 12 14:28:45 testcontainer ipsec[1743]: 12[IKE] IKE_SA (unnamed)[1] state change: CREATED => CONNECTING
Jun 12 14:28:45 testcontainer ipsec[1743]: 12[IKE] faking NAT situation to enforce UDP encapsulation
Jun 12 14:28:45 testcontainer ipsec[1743]: 12[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(MULT_AUTH) ]
Jun 12 14:28:45 testcontainer ipsec[1743]: 12[NET] sending packet: from 172.16.20.131[500] to 172.16.20.13[500] (448 bytes)
Jun 12 14:28:45 testcontainer ipsec[1743]: 13[NET] received packet: from 172.16.20.13[4500] to 172.16.20.131[4500] (576 bytes)
Jun 12 14:28:45 testcontainer ipsec[1743]: 13[ENC] parsed IKE_AUTH request 1 [ EF(1/3) ]
Jun 12 14:28:45 testcontainer charon: 14[ENC] received fragment #2 of 3, waiting for complete IKE message
Jun 12 14:28:45 testcontainer ipsec[1743]: 13[ENC] received fragment #1 of 3, waiting for complete IKE message
Jun 12 14:28:45 testcontainer ipsec[1743]: 14[NET] received packet: from 172.16.20.13[4500] to 172.16.20.131[4500] (576 bytes)
Jun 12 14:28:45 testcontainer ipsec[1743]: 14[ENC] parsed IKE_AUTH request 1 [ EF(2/3) ]
Jun 12 14:28:45 testcontainer ipsec[1743]: 14[ENC] received fragment #2 of 3, waiting for complete IKE message
Jun 12 14:28:45 testcontainer ipsec[1743]: 15[NET] received packet: from 172.16.20.13[4500] to 172.16.20.131[4500] (256 bytes)
Jun 12 14:28:45 testcontainer ipsec[1743]: 15[ENC] parsed IKE_AUTH request 1 [ EF(3/3) ]
Jun 12 14:28:45 testcontainer ipsec[1743]: 15[ENC] received fragment #3 of 3, reassembling fragmented IKE message
Jun 12 14:28:45 testcontainer ipsec[1743]: 15[ENC] parsed IKE_AUTH request 1 [ IDi CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV ADDR6 DNS6 SRV6) SA TSi TSr ]
Jun 12 14:28:45 testcontainer charon: 15[NET] received packet: from 172.16.20.13[4500] to 172.16.20.131[4500] (256 bytes)
Jun 12 14:28:45 testcontainer charon: 15[ENC] parsed IKE_AUTH request 1 [ EF(3/3) ]
Jun 12 14:28:45 testcontainer charon: 15[ENC] received fragment #3 of 3, reassembling fragmented IKE message
Jun 12 14:28:45 testcontainer charon: 15[ENC] parsed IKE_AUTH request 1 [ IDi CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV ADDR6 DNS6 SRV6) SA TSi TSr ]
Jun 12 14:28:45 testcontainer charon: 15[IKE] received 40 cert requests for an unknown ca
Jun 12 14:28:45 testcontainer charon: 15[CFG] looking for peer configs matching 172.16.20.131[%any]...172.16.20.13[172.16.20.13]
Jun 12 14:28:45 testcontainer charon: 15[CFG] selected peer config 'ikev2-vpn'
Jun 12 14:28:45 testcontainer charon: 15[IKE] initiating EAP_IDENTITY method (id 0x00)
Jun 12 14:28:45 testcontainer charon: 15[IKE] processing INTERNAL_IP4_ADDRESS attribute
Jun 12 14:28:45 testcontainer charon: 15[IKE] processing INTERNAL_IP4_DNS attribute
Jun 12 14:28:45 testcontainer charon: 15[IKE] processing INTERNAL_IP4_NBNS attribute
Jun 12 14:28:45 testcontainer charon: 15[IKE] processing INTERNAL_IP4_SERVER attribute
Jun 12 14:28:45 testcontainer charon: 15[IKE] processing INTERNAL_IP6_ADDRESS attribute
Jun 12 14:28:45 testcontainer charon: 15[IKE] processing INTERNAL_IP6_DNS attribute
Jun 12 14:28:45 testcontainer charon: 15[IKE] processing INTERNAL_IP6_SERVER attribute
Jun 12 14:28:45 testcontainer charon: 15[IKE] peer supports MOBIKE
Jun 12 14:28:45 testcontainer charon: 15[IKE] authentication of '172.16.20.131' (myself) with RSA signature successful
Jun 12 14:28:45 testcontainer charon: 15[IKE] sending end entity cert "CN=172.16.20.131"
Jun 12 14:28:45 testcontainer charon: 15[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]
Jun 12 14:28:45 testcontainer charon: 15[ENC] splitting IKE message with length of 1916 bytes into 2 fragments
Jun 12 14:28:45 testcontainer charon: 15[ENC] generating IKE_AUTH response 1 [ EF(1/2) ]
Jun 12 14:28:45 testcontainer charon: 15[ENC] generating IKE_AUTH response 1 [ EF(2/2) ]
Jun 12 14:28:45 testcontainer charon: 15[NET] sending packet: from 172.16.20.131[4500] to 172.16.20.13[4500] (1248 bytes)
Jun 12 14:28:45 testcontainer charon: 15[NET] sending packet: from 172.16.20.131[4500] to 172.16.20.13[4500] (736 bytes)
Jun 12 14:29:15 testcontainer charon: 06[JOB] deleting half open IKE_SA with 172.16.20.13 after timeout
Jun 12 14:29:15 testcontainer charon: 06[IKE] IKE_SA ikev2-vpn[1] state change: CONNECTING => DESTROYING

According to the KB, 13801 means one of the following:

The certificate is expired.
The trusted root for the certificate is not present on the client.
The subject name of the certificate does not match the remote computer.
The certificate does not have the required Enhanced Key Usage (EKU) values assigned.

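But according to the certificate manager, the CA certificate is valid and its purpose is "All", and the certificate is accepted on Linux, so it should be the correct remote computer. I don't know what I'm missing.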

Windows 10 uses the built-in VPN client.

Answer 1

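Found the problem: when the root certificate is installed as a user, it does not work. It has to be installed by an administrator account on the local machine in order to work.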
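
The following PowerShell script is an added example, not part of the original question or answer. It checks on the Windows 10 client which root store holds the VPN server's CA certificate and imports it into the local machine store when it is missing there. It assumes the server's `ca-cert.pem` was copied to the client as `C:\Temp\ca-cert.cer`; that path and file name are hypothetical.

```powershell
# Added example. Assumption: the CA certificate from the strongswan server
# (/etc/ipsec.d/cacerts/ca-cert.pem) was copied to this hypothetical path.
$CaFile = 'C:\Temp\ca-cert.cer'

# Load the certificate so it can be compared by thumbprint, not by name.
$ca = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CaFile)
Write-Output ("CA subject   : {0}" -f $ca.Subject)
Write-Output ("CA thumbprint: {0}" -f $ca.Thumbprint)

# First cause listed for error 13801: an expired certificate.
if ($ca.NotAfter -lt (Get-Date)) {
    Write-Warning ("CA certificate expired on {0}" -f $ca.NotAfter)
}

# Look for the same certificate in the per-user and the machine-wide root store.
function Test-CertInStore {
    param([string]$StorePath, [string]$Thumbprint)
    $match = Get-ChildItem -Path $StorePath |
        Where-Object { $_.Thumbprint -eq $Thumbprint }
    return [bool]$match
}

$inUser    = Test-CertInStore -StorePath 'Cert:\CurrentUser\Root'  -Thumbprint $ca.Thumbprint
$inMachine = Test-CertInStore -StorePath 'Cert:\LocalMachine\Root' -Thumbprint $ca.Thumbprint
Write-Output ("In CurrentUser\Root : {0}" -f $inUser)
Write-Output ("In LocalMachine\Root: {0}" -f $inMachine)

if ($inMachine) {
    Write-Output 'CA is trusted machine-wide; the store location is not the cause.'
    return
}

if ($inUser) {
    # The situation described in the answer: installed as a user only.
    Write-Warning 'CA is present only in the per-user store.'
}

# Writing to LocalMachine\Root requires an elevated (administrator) session.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

if ($isAdmin) {
    Import-Certificate -FilePath $CaFile -CertStoreLocation 'Cert:\LocalMachine\Root' | Out-Null
    Write-Output 'CA imported into Cert:\LocalMachine\Root.'
} else {
    Write-Warning 'Not elevated: rerun this script from an administrator PowerShell session.'
}
```

Comparing by thumbprint avoids matching a different certificate that happens to carry the same subject, such as an earlier CA generated with the same `CN=172.16.20.131`.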
