[strongSwan] iOS 6 & Strongswan 5.0.4

Paton, Andy andy.paton at hp.com
Tue Jun 25 17:59:53 CEST 2013


Thanks for the responses - getting a little closer now, I am now getting an error saying that iOS could't verify the server certificate.

Looking into it, the profiles where I installed the certificates, the CA Cert states 'Trusted', but the Client certificate is stating 'Untrrusted'. Even though the CA is installed.

Any ideas how to solve this one? The CA was installed before trying to install the client certificate.

Andy Paton

-----Original Message-----
From: users-bounces+andy.paton=hp.com at lists.strongswan.org [mailto:users-bounces+andy.paton=hp.com at lists.strongswan.org] On Behalf Of Brian Mastenbrook
Sent: 25 June 2013 15:58
To: Jeremy Beker
Cc: users at lists.strongswan.org
Subject: Re: [strongSwan] iOS 6 & Strongswan 5.0.4

Hi Jeremy,

Does this handle rekeying? I found that all iOS and OS X connections dropped after an hour, which is when Apple's IKE wants to rekey. The xauth-noauth plugin works for my case, but it's basically just faking xauth and relying on certificates.


On Jun 25, 2013, at 7:31 AM, Jeremy Beker <gothmog at confusticate.com> wrote:

> Andy,
> I've had an iOs configuration that I have used for a while.  I use it to route all traffic through (for when I am on the road at untrusted WiFi) rather than just to get to internal resources. Here is the config I have been using:
> conn ios-ikev1
>        keyexchange=ikev1
>        authby=xauthrsasig
>        xauth=server
>        left=%defaultroute
>        leftsubnet=
>        leftfirewall=yes
>        leftcert=serverCert.pem
>        right=%any
>        rightsubnet=
>        rightsourceip=
>        auto=add
> This is using StrongSwan 5.0.4 and the latest iOS (although it has worked for a while).
> -Jeremy
> --
> Jeremy Beker - gothmog at confusticate.com http://www.confusticate.com 
> Condensing fact from the vapor of nuance.
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

Users mailing list
Users at lists.strongswan.org

More information about the Users mailing list