I am attempting to use a Let's Encrypt certificate on my strongSwan server, but I also see this behaviour with my own internal CA.
When trying to connect from a Windows 10 host to a strongSwan instance, the Windows host displays one of its oh-so-helpful error messages that the "IKE Authentication credentials are not acceptable".
When I install the intermediate certificate authority certificate onto the Windows host, everything connects just fine. When I do not have the intermediate present on the client (but it is in the cacerts folder on the strongSwan server), I receive the error.
So it seems to me that strongSwan is not sending the intermediate certificate, but having spent several hours chasing this around, I'm at a loss as to how to force the sending of the intermediate cert. I can see that it is sending the end entity cert in the logs, but there is no mention of the intermediate.
Any guidance much appreciated.