(OS X 10.12.2, app built with winebottler 1.8-rc4 - resulting in wine 1.8-rc4) When quitting winbox, wine is left running.

If it doesn't, you'll need to ask for support on the Android side - I believe the log can be obtained at the phone side as well if you use the right tools.

16:49:58 ipsec ipsec: processing payload: EAP
16:49:58 ipsec,debug ipsec: => EAP MSK (size 0x0)
16:49:58 ipsec ipsec: adding payload: EAP
16:49:58 ipsec,debug ipsec: => (size 0x8)
16:49:58 ipsec,debug ipsec: 00000008 03010004
16:49:58 ipsec ipsec: ike2 request, exchange: AUTH:4 212.79.110.

Noticed this in 3.8 but now I see 3.9 is out and it still occurs.

You can create your own CA, use it to sign a certificate with all the three key-usage values above and see whether it changes something (provided that you can install the CA certificate as a trusted root CA to the Android); if that helps, it makes sense to find out which particular value out of those three is required by creating another certificate with one of them missing, and then create a new certificate signed by Cloudflare with that value present.

I'm afraid this is the maximum that can be retrieved from the log at Mikrotik side. If the issue is related to the certificate contents, I can only imagine that the Android native client looks at the common-name item (which is not very likely) and finds it unrelated to the fqdn it connects to, or that it expects one of the ipsec-end-system, ipsec-tunnel, or ipsec-user values in the key-usage field (it's actually a logical concatenation of two fields but that's irrelevant here).

But it may also dislike the EAP challenge which is being sent in the same IKEv2 message as the certificate.

Also checked and confirmed the cert validity by accessing the router's WebFig over HTTPS (of course because of adding the "Cloudflare Origin CA root certificates" to the OS root CA inventory).
On the Android, Windows 11 and also iOS, I have added/imported the "Cloudflare Origin CA root certificates" into the operating system's root cert inventory (not included on bundle unfortunately).

2. I have also imported the "Cloudflare Origin CA root certificates" on the Mikrotik (which I think is not needed):

/certificate/print detail where name="origin_ca_rsa_root.pem_0"
digest-algorithm=sha256 key-type=rsa country="US" state="California" locality="San Francisco"
Trusted=yes key-usage=digital-signature,key-encipherment,tls-server,tls-client
Issuer=C=US,S=California,L=San Francisco,O=CloudFlare,Inc.,OU=CloudFlare Origin SSL Certificate Authority
digest-algorithm=sha256 key-type=rsa organization="CloudFlare, Inc." unit="CloudFlare Origin CA"
common-name="CloudFlare Origin Certificate" key-size=2048

/certificate/print detail where name=""
Flags: K - private-key L - crl C - smart-card-key A - authority I - issued, R - revoked E - expired T - trusted