Strongswan VPN 客户端（Android）无法连接到我的测试 Kerio Control 服务器

我遇到了以下问题：我设置了 Kerio Control 9.4.4 build 8365 并尝试通过 Android 14+ 设备连接到 VPN 服务器。我为此使用了 Strongswan（Android），但在日志中收到以下错误：

Mar 26 09:51:38 09[IKE] sending cert request for "C=JP, O=Japan Certification Services, Inc., CN=SecureSign RootCA11"
Mar 26 09:51:38 09[IKE] sending cert request for "C=GR, L=Athens, O=Hellenic Academic and Research Institutions Cert. Authority, CN=Hellenic Academic and Research Institutions RootCA 2015"
Mar 26 09:51:38 09[IKE] sending cert request for "C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2"
Mar 26 09:51:38 09[IKE] sending cert request for "CN=localcontrol, OU=it, O=test, L=test, ST=test, C=test"
Mar 26 09:51:38 09[IKE] authentication of 'CN=192.168.88.253, OU=it, O=test, L=test, ST=test, C=test' (myself) with RSA_EMSA_PKCS1_SHA2_256 successful
Mar 26 09:51:38 09[IKE] sending end entity cert "CN=192.168.88.253, OU=test, O=test, L=test, ST=test, C=test"
Mar 26 09:51:38 09[IKE] establishing CHILD_SA android{3}
Mar 26 09:51:38 09[ENC] generating IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ AUTH CPRQ(ADDR ADDR6 DNS DNS6) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) N(AUTH_FOLLOWS) ]
Mar 26 09:51:38 09[ENC] splitting IKE message (4428 bytes) into 4 fragments
Mar 26 09:51:38 09[ENC] generating IKE_AUTH request 1 [ EF(1/4) ]
Mar 26 09:51:38 09[ENC] generating IKE_AUTH request 1 [ EF(2/4) ]
Mar 26 09:51:38 09[ENC] generating IKE_AUTH request 1 [ EF(3/4) ]
Mar 26 09:51:38 09[ENC] generating IKE_AUTH request 1 [ EF(4/4) ]
Mar 26 09:51:38 09[NET] sending packet: from 192.168.88.10[49811] to 192.168.88.253[4500] (1360 bytes)
Mar 26 09:51:38 09[NET] sending packet: from 192.168.88.10[49811] to 192.168.88.253[4500] (1360 bytes)
Mar 26 09:51:38 09[NET] sending packet: from 192.168.88.10[49811] to 192.168.88.253[4500] (1360 bytes)
Mar 26 09:51:38 09[NET] sending packet: from 192.168.88.10[49811] to 192.168.88.253[4500] (544 bytes)
Mar 26 09:51:38 11[NET] received packet: from 192.168.88.253[4500] to 192.168.88.10[49811] (1248 bytes)
Mar 26 09:51:38 11[ENC] parsed IKE_AUTH response 1 [ EF(1/2) ]
Mar 26 09:51:38 11[ENC] received fragment #1 of 2, waiting for complete IKE message
Mar 26 09:51:38 11[NET] received packet: from 192.168.88.253[4500] to 192.168.88.10[49811] (192 bytes)
Mar 26 09:51:38 11[ENC] parsed IKE_AUTH response 1 [ EF(2/2) ]
Mar 26 09:51:38 11[ENC] received fragment #2 of 2, reassembled fragmented IKE message (1372 bytes)
Mar 26 09:51:38 11[ENC] parsed IKE_AUTH response 1 [ IDr CERT AUTH ]
Mar 26 09:51:38 11[IKE] received end entity cert "CN=192.168.88.253, OU=it, O=test, L=test, ST=test, C=test"
Mar 26 09:51:38 11[CFG]   using trusted certificate "CN=192.168.88.253, OU=it, O=test, L=test, ST=test, C=test"
Mar 26 09:51:38 11[CFG]   using trusted ca certificate "CN=localcontrol, OU=it, O=test, L=test, ST=test, C=test"
Mar 26 09:51:38 11[CFG]   reached self-signed root ca with a path length of 0
Mar 26 09:51:38 11[CFG] checking certificate status of "CN=192.168.88.253, OU=it, O=test, L=test, ST=test, C=test"
Mar 26 09:51:38 11[CFG] certificate status is not available
Mar 26 09:51:38 11[IKE] authentication of 'CN=192.168.88.253, OU=it, O=test, L=test, ST=test, C=test' with RSA_EMSA_PKCS1_SHA2_256 successful
Mar 26 09:51:38 11[ENC] generating IKE_AUTH request 2 [ IDi ]
Mar 26 09:51:38 11[NET] sending packet: from 192.168.88.10[49811] to 192.168.88.253[4500] (76 bytes)
Mar 26 09:51:38 12[NET] received packet: from 192.168.88.253[4500] to 192.168.88.10[49811] (76 bytes)
Mar 26 09:51:38 12[ENC] parsed IKE_AUTH response 2 [ N(AUTH_FAILED) ]
Mar 26 09:51:38 12[IKE] received AUTHENTICATION_FAILED notify error

我的拓扑：

1. 充当 Kerio 控制服务器的 PC
2. 交换机充当 DHCP 服务器
3. 路由器（无互联网连接）
4. 主 PC，我可以从这里访问 Kerio Control Web 面板

我几乎确信我的证书是正确的，并且我可以使用带有证书的 Windows IKEv2 正常连接。

我做错了什么？

编辑：这是我从 openssl 获得的证书信息。出于某种原因，我无法打开 pkcs12 证书，但我能够打开 pem 证书和密钥