[vpn-help] Unable to verify remote peer certificate

Michael shrewlist at encambio.com
Wed Mar 31 07:44:22 CDT 2010

Hello list,

I'm using the shrew ike daemon (packaged with the Qt client) version
2.1.4 on Ubuntu Linux 9.10. The goal is a roadwarrior installation
with X.509 certificate authentication.

When using preshared keys this same configuration works. Mobile
clients using other software (IPSecuritas) with the same
certificates I'm loading in Shrew work as well so...

The problem is that I see 'Gateway authentication error' in the
GUI window after trying to connect. The log /var/log/iked.log:

  ii : unable to get local issuer certificate(20) at depth:0
  ii : subject :/CN=name.host.tld
  !! : unable to verify remote peer certificate

The host 'name.host.tld' is in the SubjectAltName of the X.509
certificate loaded on the ike v1 server m0n0wall 1.31. I have
concatanated the root and intermediate CA certificates of CaCert.org
to the file 'cacert-combi.pem':


What can be the problem?


More information about the vpn-help mailing list