FreeBSD, StrongSwan, authentication failed with certificate with Android client

David Mehler dave.mehler at
Wed Jul 15 02:15:09 UTC 2020


Adding to this I believe this is my error:

Jul 14 12:08:44 11[IKE] received TS_UNACCEPTABLE notify, no CHILD_SA built
Jul 14 12:08:44 11[IKE] closing IKE_SA due CHILD_SA setup failure

Any suggestions?

The strongswan is in a vnet-jail, said jail has a public IPv6 address
and a private IPv4 address which is natted to the host's public IPv4
address it's 192.168.5.x/24. On the connecting side home setup, single
public IPv4 address, Orbi system providing wireless, routing, nat,
private IPv4 address space of

Separate but possibly related, also having issue getting Asterisk
audio going from server to remote connection.

Suggestions welcome.

On 7/14/20, David Mehler <dave.mehler at> wrote:
> Hello,
> I've got StrongSwan set up on a vnet FreeBSD jail. I'm forwarding the
> correct UDP ports and have made a root, a server, and a client
> certificate. I've loaded the root CA in to the Android app, and have
> loaded in the .p12 file in to the app. I atempt to connect and get a
> failed authentication message. The log is quite extensive and I'm not
> seeing the specific problem. Can someone take a look and let me know
> what the issue might be?
> Thanks.
> Dave.

More information about the freebsd-questions mailing list