[strongSwan] Strongswan + Mac OSX

Claude Tompers claude.tompers at restena.lu
Thu Sep 6 15:04:54 CEST 2012 

On 09/06/2012 12:20 PM, Martin Willi wrote:
> Claude,
>
>> The other Mountain Lion had the exact same behaviour as mine (also
>> 10.8.1),
> Strange, as my 10.8.1 works just fine.
>
>> the one with Lion installed 'only' complained about not being
>> able to verify the server certificate.
> Please be aware that Hybrid authentication did not work correctly in
> Lion, failing with a certificate validation error. You'll have to use a
> client certificate on Lion.
>
>> I also found this topic in an Apple Forum [...] I'm wondering if that
>> problem is related.
> Hard to say. One thing to consider with Mountain Lion is that
> certificates now need a proper ACL on the private key for authentication
> (set to racoon). This might be the problem with that L2TP/IPsec issue,
> but not with Hybrid authenticated clients (and your error, the profile
> installer sets ACLs just fine).
>
> You may try to test against our revobox demo setup [1] that uses
> strongSwan and works fine here. An iOS / OS X profile is available at
> [2], after installation you should be able to connect with "tester" /
> "test". If this works, something is wrong with your setup, if not,
> something with your Mac.
>
> Regards
> Martin
>
> [1]http://demo.revosec.ch/
> [2]https://master.revosec.net/device/mobileconfig/62IUAFQH/62IUAFQH.mobileconfig
>
Hi Martin,

Thanks for the test. My MacBook says it could not validate the server
certificate.
At least this shows that my Macbook isn't completely broken.
If you want to have a look at the logs, my machine's IP address is
158.64.1.176 or 2001:a18:1:8:.....

The connection works on my iPhone.

The setup on Lion as well as on Mountain Lion uses a client certificate.
So this time, I'm not in a hybrid environment.

kind regards,
Claude

-- 
Claude Tompers
Ingénieur réseau et système
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 259 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20120906/2fe7af16/attachment.pgp>

More information about the Users mailing list