[strongSwan] Apple cisco connect issue

Hafeez Rehman hafeezr at hotmail.com
Fri Jun 10 00:04:43 CEST 2011 

Lars,
 
Error on iphone is "Could not validate the server certificate"
 
I have made sure domain name in the server field matches the domain in the server certificate it is connecting.
 
So what else I can do. I really don't want to touch the router to upgrade to rc5. It is very stable as it is.
 
I tried to compile 4.5 for rc4 no luck there either. 

Thanks,
Hafeez
 
 
> Date: Thu, 9 Jun 2011 17:34:04 -0400
> From: lars at hjersted.com
> To: users at lists.strongswan.org
> Subject: Re: [strongSwan] Apple cisco connect issue
> 
> 
> > Lars,
> > I get the same error for all apple cisco clients. Pure cisco client is connecting okay.
> > "rightsourceip=192.168.168.2" is the ip that will be assigned to the client from the virtual ip pool. It works fine for pure cisco client.
> > Hafeez
> >
> 
> Hafeez,
> 
> Do you get any error messages on the Apple clients? Are you certain that 
> your server certificate includes your router's WAN IP or FQDN in the 
> subject DN or subjectAltName? This should be the same IP or domain name 
> that the client uses to reach your VPN gateway.
> 
> My ipsec.conf is more or less the same as yours. Here are the relevant 
> excerpts:
> 
> ###############################
> 
> config setup
> plutostart=yes
> nat_traversal=yes
> 
> conn %default
> left=%defaultroute
> leftsubnet=0.0.0.0/0
> leftfirewall=yes
> right=%any
> rightsubnet=10.0.0.0/24
> auto=add
> 
> conn ipad
> keyexchange=ikev1
> authby=xauthrsasig
> xauth=server
> leftcert=serverCert.der
> rightsourceip=10.0.0.3
> rightcert=ipadCert.der
> pfs=no
> 
> ##############################
> 
> And in ipsec.secrets I have:
> 
> : RSA serverKey.der
> myuser : XAUTH "mypassword"
> 
> 
> -Lars
> 
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20110609/eb6d8f78/attachment.html>

More information about the Users mailing list