cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
wipe1
What's DOS?
Posts: 3
Registered: ‎11-03-2011
Location: Germany
Views: 750
Message 1 of 4

problem to setup ikev2 vpn connection

I'm currently trying to setup a vpn connection on my Defy+, that is supplied with the QuickSec IPSec VPN client. As I can read in the Documentation "Authentic VPN Client Guide 12/2/10", this IPSec Client should be able to make a connection to our IKEv2 Gateway.

We are using x509 certificates to authenticate against the IPSec Gateway. So the first step I had to do, is to prepare my PKCS12 user certificate to make it in the right form, and save it to the smart-phone.

After copying the end-user/CA- DER/BER-encoded certificate and the PKCS#8 formatted private key to the vpn/certificate directory on the smartphone, I started to configure the connection on the smartphone with the vpn-gui, I choose the "extended IPsec-VPN", then I got a "certificate error" with the message "the certificate user.crt is invalid and can not be read". Needless to say, I can not setup a vpn-connection, because there is no user-certificate to choose in the gui. The interesting thing, I can choose the CA-Certificate, that I also copied together with the user certificate to the "certificate"-location on the smart-phone. So, something went wrong with the user-certificate, may someone can give me a hint about that. Are there any constraints about the user-certificate, Where can I get further documentation. Any help would be helpful.

Peter     

Motorola Defy+ (MB526) Android 2.3.4

Systemversion 45.0.74

IPSec Gateway strongSwan

http://www.strongswan.org/

wipe1
What's DOS?
Posts: 3
Registered: ‎11-03-2011
Location: Germany
Views: 750
Message 2 of 4

Re: problem to setup ikev2 vpn connection

No comments or advices for the issue I decribed above?

Moto_Calvin
What's DOS?
Posts: 16
Registered: ‎11-17-2010
Location: United States
Views: 750
Message 3 of 4

Re: problem to setup ikev2 vpn connection

Try the following:


 


Make sure that both the private key and certificate have the same name but have different file types. See the example below using the name "ssg5"  for both the private key and certificate:


 


The certificate is named ssg5.pkcs8 and the key is named ssg5.crt.


Both of these files need to be copied to the phone's sdcard\vpn\templates


 


This should resolve your issue.

wipe1
What's DOS?
Posts: 3
Registered: ‎11-03-2011
Location: Germany
Views: 750
Message 4 of 4

Re: problem to setup ikev2 vpn connection

Thanks for your answer. Both, the certificate and the key, have the same name:


the certificate wipe.crt and the key wipe.pkcs8  


wipe.crt is DER-encoded 


wipe.pkcs8 is PKCS#8 format key


and i put the files to sdcard\vpn\certificates


when i try to setup a vpn-connection with the gui: wireless\vpn-settings\extended-ipsec-vpn


i got the error message "The certificate wipe.crt is invalid and can not be read"


However the certificate wipe.crt  is exported from Windows and seems to be ok ...