Connect Client IPSec with Elliptic Curve Certificate generation error

Should Connect Client work with ECC Certificates?

If I use Certificates with these Keys and Curves:

The Connect Client will simply not connect at all. It will not establish any network connection, does not even send a single packet to the VPN gateway.

In charon.log on the client I see "building CRED_PRIVATE_KEY - RSA failed"

2022-01-28 06:35:06PM 00[DMN] Starting IKE service charon-svc (strongSwan 5.8.0, Windows Client 6.2.9200 (SP 0.0)
2022-01-28 06:35:06PM 00[LIB] TAP-Windows driver version 1.0 available.
2022-01-28 06:35:08PM 00[LIB] opened TUN device: {6435FFA6-95F0-4CB6-8524-6F8A746B2637}
2022-01-28 06:35:08PM 00[LIB] loaded plugins: charon-svc nonce x509 pubkey pkcs1 pkcs7 pkcs8 pkcs12 pem openssl kernel-libipsec kernel-iph socket-win vici eap-identity eap-gtc eap-mschapv2 xauth-generic windows-dns
2022-01-28 06:35:08PM 00[JOB] spawning 16 worker threads
2022-01-28 06:35:15PM 11[CFG] loaded certificate 'xxxxxxxxxxxxxxx
2022-01-28 06:35:15PM 14[LIB] building CRED_PRIVATE_KEY - RSA failed, tried 5 builders

If I use a Certificate with RSA key like this, it works.

2022-01-28 06:48:25PM 10[CFG] loaded certificate 'xxxxxxxxxxxxxxx
2022-01-28 06:48:26PM 15[CFG] loaded RSA private key
2022-01-28 06:48:26PM 12[CFG] loaded EAP shared key with id 'xxxxxxxxxxxxx_IPSec-user-id' for: 'sdfvxc'
2022-01-28 06:48:28PM 14[LIB] TAP-Windows driver version 1.0 available.
2022-01-28 06:48:28PM 19[KNL] interface 7 'Sophos TAP Adapter' changed state from Down to Up

SFOS 18.5.2

Connect Client: SophosConnect_2.1.20_(IPsec_and_SSLVPN)
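
A triage sketch for the two charon.log excerpts above, added here as an example and not part of the original post or of Sophos' tooling: it pairs each `loaded certificate` line with the private-key result that follows it. The function names and the regexes are assumptions derived only from the log lines quoted in the post.

```python
import re

# Log lines copied from the two excerpts in the post (values are redacted
# there); SAMPLE_FAIL is the EC-key attempt, SAMPLE_OK the RSA-key attempt.
SAMPLE_FAIL = """\
2022-01-28 06:35:15PM 11[CFG] loaded certificate 'xxxxxxxxxxxxxxx
2022-01-28 06:35:15PM 14[LIB] building CRED_PRIVATE_KEY - RSA failed, tried 5 builders
"""
SAMPLE_OK = """\
2022-01-28 06:48:25PM 10[CFG] loaded certificate 'xxxxxxxxxxxxxxx
2022-01-28 06:48:26PM 15[CFG] loaded RSA private key
2022-01-28 06:48:26PM 12[CFG] loaded EAP shared key with id 'xxxxxxxxxxxxx_IPSec-user-id' for: 'sdfvxc'
"""

# "<timestamp> <thread>[<subsystem>] <message>", as in the excerpts.
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}[AP]M) "
    r"\d+\[[A-Z]{3}\] (?P<msg>.*)$")
KEY_FAIL = re.compile(r"building CRED_PRIVATE_KEY - (?P<type>\w+) failed, tried (?P<n>\d+) builders")
KEY_OK = re.compile(r"loaded (?P<type>\w+) private key")

def triage(log_text):
    """Return one finding per certificate load with the key result after it."""
    findings, current = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m["msg"]
        if msg.startswith("loaded certificate"):
            current = {"cert_loaded_at": m["ts"], "key_status": "missing",
                       "key_type": None, "builders_tried": None}
            findings.append(current)
            continue
        if current is None or current["key_status"] != "missing":
            continue  # only the first key result after a certificate counts
        fail, ok = KEY_FAIL.search(msg), KEY_OK.search(msg)
        if fail:
            current.update(key_status="failed", key_type=fail["type"], builders_tried=int(fail["n"]))
        elif ok:
            current.update(key_status="loaded", key_type=ok["type"])
    return findings

def unusable(findings):
    """Certificate loads that never got a usable private key."""
    return [f for f in findings if f["key_status"] != "loaded"]

if __name__ == "__main__":
    for f in unusable(triage(SAMPLE_FAIL + SAMPLE_OK)):
        print(f)
```
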


