[strongSwan] Apple cisco connect issue

Hafeez Rehman hafeezr at hotmail.com
Fri Jun 10 18:18:17 CEST 2011 

Lars,
 
IOS connects fine now. Thanks for the tip I installed root CA onto iphone and it connected. I was thinking the same thing CA will be installed by 
PKCS #12.
 
I did the exact same thing on Snow Leopard but it still does not connect. I will keep trying and let you know. 
 
Did you try to connect osx with any success?
 
Regards,
 
Hafeez
 
> Date: Fri, 10 Jun 2011 09:09:36 -0400
> From: lars at hjersted.com
> To: hafeezr at hotmail.com
> CC: users at lists.strongswan.org
> Subject: RE: [strongSwan] Apple cisco connect issue
> 
> 
> > Lars,
> > 
> > I went ahead and recreated the certificates based on your recommendations, altNames and flags are set correctly. Still same
> > error.
> > 
> > Then I upgraded to 4.5.1. It starts up fine on rc4 but exact same issue.
> > 
> > Any other advice?
> > 
> > Thanks for all the help.
> > 
> > Hafeez
> > 
> >
> 
> Hafeez,
> 
> I am running out of ideas, but I still suspect the issue is with the 
> client.
> 
> I remember I had the same error on the Apple client when I was first 
> setting this up, but I do not recall if it was the same error in the 
> strongSwan logs. In my case I think it was because I did not have the root 
> CA installed on the iOS device since I originally assumed that it would 
> use a root CA included in a PKCS #12. I went ahead and deleted my root CA 
> from my iOS device and can confirm that I get the same errors as you on 
> both strongSwan and iOS. Although this still doesn't prove that it is 
> the same cause, I think it positively indicates that the issue is with the 
> client and not strongSwan.
> 
> On your iphone under Settings > General > Profiles do you find both your 
> client certificate and root CA certificate? When you select each of these 
> profiles is it indicated that they are "trusted"? I also noticed that I 
> have the "clientAuth" EKU flag on my client certificate, but I doubt this 
> matters.
> 
> You might also try using ports 500/4500.
> 
> -Lars
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20110610/61e5252a/attachment.html>

More information about the Users mailing list