[strongSwan] Apple cisco connect issue

Lars Hjersted lars at hjersted.com
Fri Jun 10 15:09:36 CEST 2011

> Lars,
> I went ahead and recreated the certificates based on your recommendations, altNames and flags are set correctly. Still same error.
> Then I upgraded to 4.5.1. It starts up fine on rc4 but exact same issue.
> Any other advice?
> Thanks for all the help.
> Hafeez


I am running out of ideas, but I still suspect the issue is with the 

I remember I had the same error on the Apple client when I was first 
setting this up, but I do not recall if it was the same error in the 
strongSwan logs. In my case I think it was because I did not have the root 
CA installed on the iOS device since I originally assumed that it would 
use a root CA included in a PKCS #12. I went ahead and deleted my root CA 
from my iOS device and can confirm that I get the same errors as you on 
both strongSwan and iOS. Although this still doesn't prove that it is 
the same cause, I think it positively indicates that the issue is with the 
client and not strongSwan.

On your iPhone under Settings > General > Profiles do you find both your 
client certificate and root CA certificate? When you select each of these 
profiles is it indicated that they are "trusted"? I also noticed that I 
have the "clientAuth" EKU flag on my client certificate, but I doubt this 

You might also try using ports 500/4500.

