[strongSwan] Strongswan + Mac OSX

Martin Willi martin at strongswan.org
Mon Sep 17 13:46:07 CEST 2012


Hi,

> Testwise, I created a new CA with the ipsec pki tool according to your
> wiki page (Mac + IKEv1). (My old CA is done with TinyCA).
> With those certificates I get the same result as for the revobox setup,
> but still no connection on Mountain Lion or Lion.

It seems that installing .mobileconfig profiles on OS X does not work as
intended (or, at least, not exactly the same ways as on iOS). The CA
certificate does not get installed properly for some reason. On iOS this
seems to work fine.

You may try to install the certificates manually, but don't forget to
set proper ACLs. For the revobox setup, the "official" way on OS X uses
an installer utility [1], not the .mobileconfig profile.

But as your new certificates seem to work "better", I'd guest that there
was indeed something wrong with your old ones.

Regards
Martin

[1]https://master.revosec.net/installer/revo-installer.app.zip





More information about the Users mailing list