<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Tahoma
}
--></style>
</head>
<body class='hmmessage'>
Lars,<BR>
<BR>
Error on iphone is "Could not validate the server certificate"<BR>
<BR>
I have made sure domain name in the server field matches the domain in the server certificate it is connecting.<BR>
<BR>
So what else I can do. I really don't want to touch the router to upgrade to rc5. It is very stable as it is.<BR>
<BR>
I tried to compile 4.5 for rc4 no luck there either. <BR><BR>
Thanks,<BR>
Hafeez<BR>
<BR>
<BR>
> Date: Thu, 9 Jun 2011 17:34:04 -0400<BR>> From: lars@hjersted.com<BR>> To: users@lists.strongswan.org<BR>> Subject: Re: [strongSwan] Apple cisco connect issue<BR>> <BR>> <BR>> > Lars,<BR>> > I get the same error for all apple cisco clients. Pure cisco client is connecting okay.<BR>> > "rightsourceip=192.168.168.2" is the ip that will be assigned to the client from the virtual ip pool. It works fine for pure cisco client.<BR>> > Hafeez<BR>> ><BR>> <BR>> Hafeez,<BR>> <BR>> Do you get any error messages on the Apple clients? Are you certain that <BR>> your server certificate includes your router's WAN IP or FQDN in the <BR>> subject DN or subjectAltName? This should be the same IP or domain name <BR>> that the client uses to reach your VPN gateway.<BR>> <BR>> My ipsec.conf is more or less the same as yours. Here are the relevant <BR>> excerpts:<BR>> <BR>> ###############################<BR>> <BR>> config setup<BR>> plutostart=yes<BR>> nat_traversal=yes<BR>> <BR>> conn %default<BR>> left=%defaultroute<BR>> leftsubnet=0.0.0.0/0<BR>> leftfirewall=yes<BR>> right=%any<BR>> rightsubnet=10.0.0.0/24<BR>> auto=add<BR>> <BR>> conn ipad<BR>> keyexchange=ikev1<BR>> authby=xauthrsasig<BR>> xauth=server<BR>> leftcert=serverCert.der<BR>> rightsourceip=10.0.0.3<BR>> rightcert=ipadCert.der<BR>> pfs=no<BR>> <BR>> ##############################<BR>> <BR>> And in ipsec.secrets I have:<BR>> <BR>> : RSA serverKey.der<BR>> myuser : XAUTH "mypassword"<BR>> <BR>> <BR>> -Lars<BR>> <BR>> _______________________________________________<BR>> Users mailing list<BR>> Users@lists.strongswan.org<BR>> https://lists.strongswan.org/mailman/listinfo/users<BR> </body>
</html>