[strongSwan] iOS ikev2 + radius

Martin Willi martin at strongswan.org
Wed Dec 17 15:47:35 CET 2014

Hi Denis,

>     leftcert=serverCert.pem
>     leftauth=pubkey

Likely that you need a proper leftid configured, one that the client
expects. Usually a FQDN of your server address is fine, but it should be
contained as subjectAltName in your serverCert. Not sure what exactly
iOS expects here. 

>     rightauth=eap-radius
> made .mobileconfig for iOS, imported ca cert.
> getting in log: no matching peer config found

I assume you have created a profile for EAP authentication? A little
more details from your log probably can help in analyzing the issue.

>     rightsubnet=
>     rightsourceip=

While unrelated, this is probably not what you want. You don't need that
full subnet, but just that single IP address that you assign to the
client. This can be achieved by setting rightsubnet=%dynamic, which is
the default if you don't specify that option.


More information about the Users mailing list