Closed CeciAc closed 1 year ago
Thanks for your comment. We are actively investigating and will get back to you shortly. Thanks for your patience.
@CeciAc Thanks for the feedback! I have assigned the issue to the content author to evaluate and update as appropriate.
I've run into a similar error message when trying to connect with ECDSA
/ ECDH
key types.
Is it a requirement of the gateway that RSA
keys are used?
It would be helpful to have a list the acceptable valid key types and lengths.
I've tried 2 root-CA ECDSA 256 bits
and RSA 4096 bits
. In both cases, only client private key with 4096 size RSA
keys works.
ipsec --version Linux strongSwan U5.8.2/K5.8.0-49-generic University of Applied Sciences Rapperswil, Switzerland
uname -a Linux dlab101 5.8.0-49-generic #55~20.04.1-Ubuntu SMP Fri Mar 26 01:01:07 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
Unfortunately, it's still not working for me using the referenced documentation: http://wiki.ciscolinux.co.uk/index.php?title=Azure/Point-to-Site_VPN
I see similar issues referencing the same issue, like this one https://github.com/MicrosoftDocs/azure-docs/issues/39270.
HI @mfaerevaag did you managed to make it work ? not working here either.
Nope! Seems like this is not area of priority for Azure. Therefore I had to go with another VPN provider as reliability on Linux clients was a requirement for me.
@mfaerevaag Yes, I noticed the same, unfortunately.
Unfortunately, we have been unable to review this issue in a timely manner. We sincerely apologize for the delayed response. We are closing this issue. If you feel that the problem persists, please respond to this issue with additional information.
Please continue to provide feedback about the documentation. We appreciate your contributions to our community.
@raidlman commented on Mon Mar 16 2020
According to https://docs.microsoft.com/en-us/azure/vpn-gateway/point-to-site-about#certsettings client certificates should be generated with 4096 bits key length.
Issue
Both guides on https://docs.microsoft.com/de-de/azure/vpn-gateway/vpn-gateway-certificates-point-to-site-linux and https://docs.microsoft.com/de-de/azure/vpn-gateway/point-to-site-vpn-client-configuration-azure-cert#generate-certificates do not explicitly define the key length when generating the certificate.
The ipsec tool on Ubuntu 18.04 generates certificates with the default key length 2048:
Result
Strongswan fails with
when doing an
ipsec up azure
.Solution
Change documentation to
You can also refer to this excellent guide to improve your doumentation http://wiki.ciscolinux.co.uk/index.php?title=Azure/Point-to-Site_VPN.
@srvbpigh commented on Mon Mar 16 2020
Hello, @raidlman
Thank you for your feedback.
We are actively reviewing your comments and will get back to you soon.
Kind regards, Microsoft DOCS International Team
Document Details
⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.