Hi guys, thank you for this post.
I've been trying to make it work for a couple of weeks but haven't been able to.
When I try to connect from a Windows machine I get an error 13801 - IKE authentication credentials are unacceptable.
What I have tried:
> I created a DNS entry from "noip website" (my_vpn_server.ddns.net) as I don't have a public DNS and because the CN has to be a FQDN. I put this as CN when creating the server certificate and also in the leftid field in my.ipsec file.
> Please look at my openssl.cnf (attached). I have serverauth for the server certificate and its subjectAltName. I also added the required EKU variables.
> As the end user machine certificate, I created a pfx file as some sources suggest.
*openssl pkcs12 -export -out enduser.pfx -inkey enduser.key.pem -in enduser.cert.pem*
The files "my.ipsec" and "my.secrets" are basically the same as you guys described.
Sources I've been looking at:
https://wiki.strongswan.org/projects/strongswan/wiki/Win7CertReq
https://community.ubnt.com/t5/EdgeRouter/Road-Warrior-IKEv2-VPN-Server/m-p/2504884
https://wiki.strongswan.org/projects/strongswan/wiki/ConnSection
https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/ikev2-howto.md
http://edgemax4.rssing.com/chan-63838587/all_p284.html
https://wiki.strongswan.org/projects/strongswan/wiki/WindowsClients
https://aryklein.wordpress.com/2013/09/03/ipsec-with-strongswan-2/
http://tiebing.blogspot.com/2012/05/windows-7-ikev2-error-13806.html
https://www.zeitgeist.se/2013/11/22/strongswan-howto-create-your-own-vpn/
https://jamielinux.com/docs/openssl-certificate-authority/introduction.html
Any thoughts?
Thanks,
Alan
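
An added example, not part of Alan's post: a shell helper that checks the two server-certificate properties the post mentions (the FQDN in subjectAltName and the serverAuth EKU) against the value used for leftid. The function names and the sample certificate text are constructed for illustration; the helper reads the output of `openssl x509 -noout -text` on stdin.

```shell
#!/bin/sh
# Hypothetical helpers (not from the post). Typical use, with an assumed file name:
#   openssl x509 -in server.cert.pem -noout -text | check_ike_server_cert my_vpn_server.ddns.net

# Print the value line that follows an extension header in the cert text.
ext_value() {
    awk -v h="$1" 'index($0, h) { getline; sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, ""); print; exit }'
}

# Returns 0 if OK, 1 if the SAN lacks DNS:<leftid>, 2 if serverAuth EKU is missing.
check_ike_server_cert() {
    want=$(printf '%s' "$1" | tr 'A-Z' 'a-z')      # host names compare case-insensitively
    text=$(cat)
    san=$(printf '%s\n' "$text" | ext_value 'X509v3 Subject Alternative Name' | tr 'A-Z' 'a-z')
    eku=$(printf '%s\n' "$text" | ext_value 'X509v3 Extended Key Usage')
    # Wrap the lists in ", ... ," so each entry is matched whole, not as a substring.
    case ", $san," in
        *", dns:$want,"*) ;;
        *) echo "SAN has no DNS:$1 entry (found: ${san:-none})" >&2; return 1 ;;
    esac
    case ", $eku," in
        *", TLS Web Server Authentication,"*) ;;
        *) echo "EKU lacks serverAuth (found: ${eku:-none})" >&2; return 2 ;;
    esac
    return 0
}

# Constructed samples in the layout printed by `openssl x509 -noout -text`.
SAMPLE_OK='        X509v3 extensions:
            X509v3 Extended Key Usage:
                TLS Web Server Authentication
            X509v3 Subject Alternative Name:
                DNS:my_vpn_server.ddns.net'

SAMPLE_WRONG_SAN='        X509v3 extensions:
            X509v3 Extended Key Usage:
                TLS Web Server Authentication
            X509v3 Subject Alternative Name:
                DNS:other.example.net'

SAMPLE_NO_SERVERAUTH='        X509v3 extensions:
            X509v3 Extended Key Usage:
                TLS Web Client Authentication
            X509v3 Subject Alternative Name:
                DNS:my_vpn_server.ddns.net'
```

A non-zero return only says the certificate text does not show that property; it does not cover whether the client trusts the issuing CA.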