[strongSwan] Strongswan + Mac OSX

Claude Tompers claude.tompers at restena.lu
Thu Sep 6 15:04:54 CEST 2012

On 09/06/2012 12:20 PM, Martin Willi wrote:
> Claude,
>> The other Mountain Lion had the exact same behaviour as mine (also
>> 10.8.1),
> Strange, as my 10.8.1 works just fine.
>> the one with Lion installed 'only' complained about not being
>> able to verify the server certificate.
> Please be aware that Hybrid authentication did not work correctly in
> Lion, failing with a certificate validation error. You'll have to use a
> client certificate on Lion.
>> I also found this topic in an Apple Forum [...] I'm wondering if that
>> problem is related.
> Hard to say. One thing to consider with Mountain Lion is that
> certificates now need a proper ACL on the private key for authentication
> (set to racoon). This might be the problem with that L2TP/IPsec issue,
> but not with Hybrid authenticated clients (and your error, the profile
> installer sets ACLs just fine).
> You may try to test against our revobox demo setup [1] that uses
> strongSwan and works fine here. An iOS / OS X profile is available at
> [2], after installation you should be able to connect with "tester" /
> "test". If this works, something is wrong with your setup, if not,
> something with your Mac.
> Regards
> Martin
> [1] http://demo.revosec.ch/
> [2] https://master.revosec.net/device/mobileconfig/62IUAFQH/62IUAFQH.mobileconfig

Hi Martin,

Thanks for the test. My MacBook says it could not validate the server
At least this shows that my MacBook isn't completely broken.
If you want to have a look at the logs, my machine's IP address is or 2001:a18:1:8:.....

The connection works on my iPhone.

The setup on Lion as well as on Mountain Lion uses a client certificate.
So this time, I'm not in a hybrid environment.

kind regards,

Claude Tompers
Ingénieur réseau et système
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473
