[strongSwan] Apple cisco connect issue
Lars Hjersted
lars at hjersted.com
Fri Jun 10 15:09:36 CEST 2011
> Lars,
>
> I went ahead and recreated the certificates based on your recommendations, altNames and flags are set correctly. Still same error.
>
> Then I upgraded to 4.5.1. It starts up fine on rc4 but exact same issue.
>
> Any other advice?
>
> Thanks for all the help.
>
> Hafeez
>
>
Hafeez,

I am running out of ideas, but I still suspect the issue is with the
client.

I remember I had the same error on the Apple client when I was first
setting this up, but I do not recall if it was the same error in the
strongSwan logs. In my case I think it was because I did not have the root
CA installed on the iOS device since I originally assumed that it would
use a root CA included in a PKCS #12. I went ahead and deleted my root CA
from my iOS device and can confirm that I get the same errors as you on
both strongSwan and iOS. Although this still doesn't prove that it is
the same cause, I think it positively indicates that the issue is with the
client and not strongSwan.

On your iPhone under Settings > General > Profiles do you find both your
client certificate and root CA certificate? When you select each of these
profiles is it indicated that they are "trusted"? I also noticed that I
have the "clientAuth" EKU flag on my client certificate, but I doubt this
matters.

You might also try using ports 500/4500.

-Lars