[strongSwan] v4.4.1 on squeeze w/ ios6: server cert verification fails
Jason
strongswan at lakedaemon.net
Thu Jan 3 16:03:43 CET 2013
On Wed, Jan 02, 2013 at 12:47:24PM -0500, Jason wrote:
> On Wed, Jan 02, 2013 at 08:27:40AM -0800, Bharath Kumar wrote:
> > Our CA cert is pem format.
>
> Gah! I got it. For some reason I had it stuck in my head that iOS only
> accepted .p12 cert files. It imported my CA .pem just fine, which then
> listed my client cert as trusted.
>
> I actually got a [vpn] icon for a bit. Unfortunately, it won't connect
> again. It's probably something I changed while debugging. I'll figure
> it out later.
Just to close this up for the archives, I have it working. By working,
I mean I can ping the virtual IP on the phone from the server, and I can
ssh to the server's internal IP address from the phone.
To do this, I had to enable backports on Debian squeeze (armel). This
bumped strongswan up to version 4.5.1.
Next up is getting my routing rules layed out, then creating profiles
for iOS devices. I'd like the VPN to be always on, which there doesn't
seem to be a way to set that without profiles...
thx,
Jason.
More information about the Users
mailing list