
I am trying to connect to the azure-vpn using Ubuntu 22.04.1. I am able to connect to the VPN gateway using my Windows system and the Azure VPN Client provided.

However, with Ubuntu I am not able to connect. The output from the log appears as below where the error occurs:

certificate policy 2.23.140.1.2.2 for 'C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=<GUID>.vpn.azure.com' not allowed by trustchain, ignored
sending TLS client certificate 'CN=client'
generating IKE_AUTH request 7 [ EAP/RES/TLS ]
sending packet: from 192.168.0.39[4500] to <SERVER_IP>[4500] (1085 bytes)
received packet: from <SERVER_IP>[4500] to 192.168.0.39[4500] (72 bytes)
parsed IKE_AUTH response 7 [ EAP/REQ/TLS ]
generating IKE_AUTH request 8 [ EAP/RES/TLS ]
sending packet: from 192.168.0.39[4500] to <SERVER_IP>[4500] (1018 bytes)
received packet: from <SERVER_IP>[4500] to 192.168.0.39[4500] (88 bytes)
parsed IKE_AUTH response 8 [ EAP/REQ/TLS ]
received fatal TLS alert 'access denied'
EAP_TLS method failed
generating INFORMATIONAL request 9 [ N(AUTH_FAILED) ]
sending packet: from 192.168.0.39[4500] to <SERVER_IP>[4500] (65 bytes)
establishing connection 'azure' failed

The "access denied" is not an error that I have seen before and I can't find any information online about the root cause of this particular case. One item of NOTE: When I download the VpnClient information from Azure, the "Generic" folder has a VpnRootServer.cer_0 file that gets placed in the /etc/ipsec.d/cacerts folder. However, originally the extension was just ".cer". I am not sure why the _0 has been added to it.

I am not sure how to debug this any further. If anyone has seen either of these issues I would appreciate some feedback.

Thanks!

Sheldon
Michael Wade
