I'm having an issue, seemingly with certificates to setup an IKEv2 VPN w/ certs.
I've followed the steps to create the certs, self-signed, using both on-router methods (/certificate add) and openssl on linux.
I might be having an issue on the client side (testing on Windows 10) since I'm converting the client crt and key to a p12 file to import it via snap-in. The router (hAP AC) is reporting "INVALID SYNTAX" (https://pastebin.com/9V2C6Te3) when trying to connect, with Windows reporting "no valid certificate was found"
Is there any definitive steps for the current version to set up IKEv2 w/ certificates and Windows clients (also will be setting it up for iOS) that I'm missing?
Edit: I think I may have fixed that part, I redid the certs using a different "Issued to" vs "Issued from" (apparently an issue on Windows), but now it gives me a "IKE authentication credentials are unacceptable" error in W10, with the server telling me:
01:32:59 ipsec can't get my certificate from configuration
01:32:59 ipsec,error can't get private key
My certificate printout:
0 K T ca.crt_0
1 K T server.crt_0
The ca.crt and server.crt match the client.crt imported into windows. Both have crt and key imported, something again I'm missing?