<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">On 30 Oct 2016, at 01:09, Derek Cameron &lt;<a href="mailto:dcamero2016@gmail.com" class="">dcamero2016@gmail.com</a>&gt; wrote:<div class=""><br class=""><div><blockquote type="cite" class=""><div class=""><div class="">Here is a configuration that works for iOS 10: <a href="http://xpu.ca/strongswan-ubuntu/" class="">http://xpu.ca/strongswan-ubuntu/</a><br class=""></div></div></blockquote></div><br class=""></div><div class="">I’ve been following this myself and it works on my Android phone, but not on my</div><div class="">new OSX 10.12.1.</div><div class=""><br class=""></div><div class="">I get</div><div class=""><br class=""></div><div class=""><span class="Apple-tab-span" style="white-space:pre"> </span>looking for peer configs matching &lt;ExternalIP&gt;[&lt;CertDN&gt;]...&lt;RemoteIP&gt;[turbo]</div><div class=""><span class="Apple-tab-span" style="white-space:pre"> </span>no matching peer config found</div><div class=""><br class=""></div><div class="">On Android, I don’t have to enter the remote ID and it works with or without that (ends</div><div class="">up as “looking for … &lt;ExternalIP&gt;[%any]”). 
But on OSX I _must_ enter that.</div><div class=""><br class=""></div><div class="">Comparing the two connection attempts, that ‘looking for peer configs’ is _identical_, but</div><div class="">the OSX client doesn’t work.</div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">If I don’t enter the ‘Local ID’ (it’s optional), then the ‘[turbo]’ part ends up as its local</div><div class="">NAT address.</div><div class=""><br class=""></div><div class="">My config:</div><div class=""><br class=""></div><div class="">— snip —</div><div class=""><div class="">config setup</div><div class=""><br class=""></div><div class="">conn %default</div><div class=""> keyexchange=ikev2</div><div class=""> left=&lt;ExternalIP&gt;</div><div class=""> leftid="&lt;CertDN&gt;"</div><div class=""> leftcert=server.pem</div><div class=""> leftsubnet=0.0.0.0/0</div><div class=""> right=%any</div><div class=""> rightsourceip=192.168.6.0/24</div><div class=""> rightdns=192.168.6.1</div><div class=""> dpdaction=clear</div></div><div class=""><div class="">— snip —</div><div class=""><br class=""></div><div class="">I had to put the DN in there because I got:</div><div class=""><br class=""></div><div class=""><div class=""><span class="Apple-tab-span" style="white-space:pre"> </span>loaded certificate "&lt;CertDN&gt;" from 'server.pem'</div><div class=""><span class="Apple-tab-span" style="white-space:pre"> </span>id 'server.domain.tld' not confirmed by certificate, defaulting to '&lt;CertDN&gt;'</div></div><div class=""></div></div></body></html>