
<html>

  <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

  </head>

  <body>

    <div class="moz-cite-prefix">Hi Tom,<br>

      <br>

      leftsendcert is set. Here are the details of the config :<br>

      <br>

      conn %default<br>

              keyexchange=ikev2<br>

              ikelifetime=60m<br>

             

ike=aes256-sha256-modp2048,aes256-sha1-modp1024,aes128-sha1-modp1024,3des-sha1-modp1024!<br>

              esp=aes256-sha1,aes256-sha1,3des-sha1!<br>

              dpdaction=restart<br>

              dpddelay=60s<br>

              dpdtimeout=300s<br>

              keyingtries=5<br>

              inactivity=4h<br>

              lifetime=4h<br>

              left=strongswan.restena.lu<br>

              <a class="moz-txt-link-abbreviated"

        href="mailto:leftid=@strongswan.restena.lu"

        moz-do-not-send="true">leftid=@strongswan.restena.lu</a><br>

              leftauth=pubkey<br>

              leftsendcert=always<br>

              leftcert=strongswan.restena.lu-cert.pem<br>

              leftsubnet=0.0.0.0/0,::/0<br>

              right=%any<br>

              rightauth=pubkey<br>

              rightsendcert=always<br>

              rekey=yes<br>

              reauth=yes<br>

              mobike=no<br>

      <br>

      Apart from the default, every user is idenfied by it's certificate

      CN and is assigned to an IP pool<br>

      <br>

      conn IKEv2-tech-ctompers<br>

              rightid="..."<br>

              rightsourceip=%pool-v4,%pool-v6<br>

              auto=add<br>

      <br>

      We already had this issue in former versions when the native

      client was doing only IKEv1.<br>

      <br>

      kind regards,<br>

      Claude<br>

      <br>

      On 24/03/2020 12:38, Tom Rymes wrote:<br>

    </div>

    <blockquote type="cite"

      cite="mid:9454A4C6-8F98-477E-84CB-C3ACEC4FDA71@rymes.com">

      <meta http-equiv="content-type" content="text/html; charset=UTF-8">

      <div dir="ltr">Claude,</div>

      <div dir="ltr"><br>

      </div>

      <div dir="ltr">Have you followed the suggestions here?: <a

href="https://wiki.strongswan.org/projects/strongswan/wiki/AppleClients#IKEv2-on-iOS-9-amp-macOS-1011-and-newer"

          moz-do-not-send="true">https://wiki.strongswan.org/projects/strongswan/wiki/AppleClients#IKEv2-on-iOS-9-amp-macOS-1011-and-newer</a></div>

      <div dir="ltr"><br>

      </div>

      <div dir="ltr">leftsendcert=always solves a similar issue for us,

        I believe.</div>

      <div dir="ltr"><br>

      </div>

      <div dir="ltr">Perhaps you could post some details of your

        installation?</div>

      <div dir="ltr"><br>

      </div>

      <div dir="ltr">Tom</div>

      <div dir="ltr"><br>

        On Mar 24, 2020, at 6:56 AM, Claude Tompers <<a

          href="mailto:claude.tompers@restena.lu" moz-do-not-send="true">claude.tompers@restena.lu</a>>

        wrote:<br>

        <br>

      </div>

      <blockquote type="cite">

        <div dir="ltr"><span>Hi all,</span><br>

          <span></span><br>

          <span>Our whole team has issues with the native OSX VPN client

            not being very</span><br>

          <span>stable with our strongswan VPN server.</span><br>

          <span>Connections drop sometimes randomly but certainly after

            roughly 55 minutes.</span><br>

          <span>I'm wondering if anyone has the same issue and managed

            to solve it, or</span><br>

          <span>if there's another Mac VPN client that is stable ?</span><br>

          <span></span><br>

          <span>kind regards,</span><br>

          <span>Claude</span><br>

          <span></span><br>

          <span></span><br>

        </div>

      </blockquote>

    </blockquote>

    <br>

  </body>

</html>