Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 14 Jul 2020 22:15:04 -0400
From:      David Mehler <>
Subject:   Re: FreeBSD, StrongSwan, authentication failed with certificate with Android client
Message-ID:  <>
In-Reply-To: <>
References:  <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help

Adding to this I believe this is my error:

Jul 14 12:08:44 11[IKE] received TS_UNACCEPTABLE notify, no CHILD_SA built
Jul 14 12:08:44 11[IKE] closing IKE_SA due CHILD_SA setup failure

Any suggestions?

The strongswan is in a vnet-jail, said jail has a public IPv6 address
and a private IPv4 address which is natted to the host's public IPv4
address it's 192.168.5.x/24. On the connecting side home setup, single
public IPv4 address, Orbi system providing wireless, routing, nat,
private IPv4 address space of

Separate but possibly related, also having issue getting Asterisk
audio going from server to remote connection.

Suggestions welcome.

On 7/14/20, David Mehler <> wrote:
> Hello,
> I've got StrongSwan set up on a vnet FreeBSD jail. I'm forwarding the
> correct UDP ports and have made a root, a server, and a client
> certificate. I've loaded the root CA in to the Android app, and have
> loaded in the .p12 file in to the app. I atempt to connect and get a
> failed authentication message. The log is quite extensive and I'm not
> seeing the specific problem. Can someone take a look and let me know
> what the issue might be?
> Thanks.
> Dave.

Want to link to this message? Use this URL: <>