[strongSwan] Apple cisco connect issue
Lars Hjersted
lars at hjersted.com
Thu Jun 9 23:34:04 CEST 2011
> Lars,
> I get the same error for all Apple Cisco clients. Pure Cisco client is connecting okay.
> "rightsourceip=192.168.168.2" is the IP that will be assigned to the client from the virtual IP pool. It works fine for pure Cisco client.
> Hafeez
>
Hafeez,
Do you get any error messages on the Apple clients? Are you certain that
your server certificate includes your router's WAN IP or FQDN in the
subject DN or subjectAltName? This should be the same IP or domain name
that the client uses to reach your VPN gateway.
My ipsec.conf is more or less the same as yours. Here are the relevant
excerpts:
###############################
config setup
        plutostart=yes
        nat_traversal=yes

conn %default
        left=%defaultroute
        leftsubnet=0.0.0.0/0
        leftfirewall=yes
        right=%any
        rightsubnet=10.0.0.0/24
        auto=add

conn ipad
        keyexchange=ikev1
        authby=xauthrsasig
        xauth=server
        leftcert=serverCert.der
        rightsourceip=10.0.0.3
        rightcert=ipadCert.der
        pfs=no
##############################
And in ipsec.secrets I have:
: RSA serverKey.der
myuser : XAUTH "mypassword"
-Lars
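
One way to run the certificate check asked about in the message above, as an added example that is not part of the original post. It assumes the OpenSSL command-line tool is installed; the sample certificate, host name and addresses are constructed documentation values, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: check that a DER gateway certificate names the address
# clients connect to, either in the subject CN or in subjectAltName.

# Print the subject CN and every DNS / IP subjectAltName entry, one per line.
cert_names() {
    openssl x509 -inform DER -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
    openssl x509 -inform DER -in "$1" -noout -text |
        awk '/X509v3 Subject Alternative Name/ { getline; print }' |
        tr ',' '\n' |
        sed -n -e 's/^ *DNS://p' -e 's/^ *IP Address://p'
}

# Succeed if ADDR ($2) is exactly one of the names in certificate FILE ($1).
# -x forces a whole-line match, so 203.0.113.1 does not match 203.0.113.10.
cert_covers() {
    cert_names "$1" | grep -qixF -- "$2"
}

# Constructed sample: a throwaway self-signed certificate (-addext needs
# OpenSSL 1.1.1 or later). All names here are made up for the demonstration.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/C=XX/O=Example/CN=gateway" \
        -addext "subjectAltName=DNS:vpn.example.test,IP:203.0.113.10" \
        -keyout "$1.key" -outform DER -out "$1" 2>/dev/null
}

tmp=$(mktemp -d)
make_sample_cert "$tmp/sampleCert.der"
for addr in vpn.example.test 203.0.113.10 198.51.100.7; do
    if cert_covers "$tmp/sampleCert.der" "$addr"; then
        echo "$addr: present in certificate"
    else
        echo "$addr: MISSING from certificate"
    fi
done
rm -rf "$tmp"
```

Against a real gateway certificate, call `cert_covers` with the certificate file and the exact IP or FQDN entered in the client's VPN profile.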