[strongSwan] Strongswan + Mac OSX

Martin Willi martin at strongswan.org
Thu Sep 6 12:20:51 CEST 2012


> The other Mountain Lion had the exact same behaviour as mine (also
> 10.8.1),

Strange, as my 10.8.1 works just fine.

> the one with Lion installed 'only' complained about not being
> able to verify the server certificate.

Please be aware that Hybrid authentication did not work correctly in
Lion, failing with a certificate validation error. You'll have to use a
client certificate on Lion.

> I also found this topic in an Apple Forum [...] I'm wondering if that
> problem is related.

Hard to say. One thing to consider with Mountain Lion is that
certificates now need a proper ACL on the private key for authentication
(set to racoon). This might be the problem with that L2TP/IPsec issue,
but not with Hybrid authenticated clients (and your error, the profile
installer sets ACLs just fine).

You may try to test against our revobox demo setup [1] that uses
strongSwan and works fine here. An iOS / OS X profile is available at
[2], after installation you should be able to connect with "tester" /
"test". If this works, something is wrong with your setup, if not,
something with your Mac.



More information about the Users mailing list