[strongSwan] Mac OS X 10.9 Mavericks - StrongSwan Native Application - constraint checking failed

Fred Kilbourn fred at fredk.com
Fri Nov 1 15:15:01 CET 2013


Martin,

> I assume you are referring to our new OS X App with the GUI? There is no
> external dependency; no homebrew packages required for it.

Ah, I thought the app was maybe just a frontend, I wasn't sure if I was supposed to be matching the backend version or what.  Might make that clearer on the wiki page.

> In the meantime, you may check if there is a way to configure the server
> to send a FQDN instead a DN as IDr. Not sure if/how this can be done
> with Windows Server.

I'll see what I can figure out, now that I understand the problem might be simpler to fix on the server side.

> That Mavericks crasher should have been fixed with 5.1.1-1.

Now that I understand there isn't an external dependency I'll use the latest version, thanks.

> I've pushed a new release [1] that should accept other identities as
> long as the FQDN is in the certificate as subjectAltName. Please let me
> know if that works with your setup.

I tested the newest release and got the same error, I'll try working with the server, let me know if you can try another fix on the app.  The vpn cert does indeed have the vpn hostname as the CN and in subjectAltNames, I'll see if I can figure out how to change the way the server presents the identity.

Thank you very much for your fast and useful feedback.

Regards,
Fred Kilbourn





More information about the Users mailing list