Creating a remote host certificate for an IPsec roadwarrior connection with a SubjectAltName (this is required by some OpenBSD programs), the CGI seems to be running in an infinite loop. After a minute or two, it returns the error message: "Error 504 Gateway Timed Out" However, vpnmain.cgi can be accessed afterwards again (and the certificate has been created). Seen this issue on Core Update 117 (64 bit).
Peter: What steps are you taking to produce this issue? It sounds like you are choosing the option "Create a Certificate" at tunnel creation time, but I want to make sure.
(In reply to Tom Rymes from comment #1) > Peter: What steps are you taking to produce this issue? It sounds like you > are choosing the option "Create a Certificate" at tunnel creation time, but > I want to make sure. Yes, I set up the client certificate right before that. However, the delay was because the remote side could not bring up the VPN properly (OpenBSD - I mentioned that on the mailing list). However, strongswan did not do that in background, finally hitting the Apache CGI timeout. In my opinion, this is not very elegant behaviour, but nevertheless we can close this issue since it is not related to SubjectAltName.