[strongSwan] Strongswan + Mac OSX
Martin Willi
martin at strongswan.org
Thu Sep 6 12:20:51 CEST 2012
Claude,
> The other Mountain Lion had the exact same behaviour as mine (also
> 10.8.1),
Strange, as my 10.8.1 works just fine.
> the one with Lion installed 'only' complained about not being
> able to verify the server certificate.
Please be aware that Hybrid authentication did not work correctly in
Lion, failing with a certificate validation error. You'll have to use a
client certificate on Lion.
> I also found this topic in an Apple Forum [...] I'm wondering if that
> problem is related.
Hard to say. One thing to consider with Mountain Lion is that
certificates now need a proper ACL on the private key for authentication
(set to racoon). This might be the problem with that L2TP/IPsec issue,
but not with Hybrid authenticated clients (and your error, the profile
installer sets ACLs just fine).
You may try to test against our revobox demo setup [1] that uses
strongSwan and works fine here. An iOS / OS X profile is available at
[2], after installation you should be able to connect with "tester" /
"test". If this works, something is wrong with your setup, if not,
something with your Mac.
Regards
Martin
[1]http://demo.revosec.ch/
[2]https://master.revosec.net/device/mobileconfig/62IUAFQH/62IUAFQH.mobileconfig
More information about the Users
mailing list