[strongSwan] Strongswan + Mac OSX

Claude Tompers claude.tompers at restena.lu
Mon Sep 17 15:15:16 CEST 2012


On 09/17/2012 01:46 PM, Martin Willi wrote:
> Hi,
>
>> Testwise, I created a new CA with the ipsec pki tool according to your
>> wiki page (Mac + IKEv1). (My old CA is done with TinyCA).
>> With those certificates I get the same result as for the revobox setup,
>> but still no connection on Mountain Lion or Lion.
> It seems that installing .mobileconfig profiles on OS X does not work as
> intended (or, at least, not exactly the same ways as on iOS). The CA
> certificate does not get installed properly for some reason. On iOS this
> seems to work fine.
>
> You may try to install the certificates manually, but don't forget to
> set proper ACLs. For the revobox setup, the "official" way on OS X uses
> an installer utility [1], not the .mobileconfig profile.
>
> But as your new certificates seem to work "better", I'd guest that there
> was indeed something wrong with your old ones.
>
> Regards
> Martin
>
> [1]https://master.revosec.net/installer/revo-installer.app.zip
>
Hi Martin,

FINALLY it works. :)
It seems that the profile installs the CA certificate in the login store
instead of the system store in keychain. At least that's the only
difference I see.

Thanks a lot for you help and patience.

kind regards,
Claude

-- 
Claude Tompers
Ingénieur réseau et système
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 259 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20120917/df4d7bdd/attachment.pgp>


More information about the Users mailing list