[strongSwan] iOS ikev2 + radius

Denis Zinevich link at ngc.net.ua
Wed Dec 17 22:16:12 CET 2014

Hello Martin,

Thanks a lot for your advice - that was cert issue, I regenerated certs, used fqdn instead of ip and everything worked fine.

17.12.2014, 16:47, "Martin Willi" <martin at strongswan.org>:
> Hi Denis,
>>      leftcert=serverCert.pem
>>      leftauth=pubkey
> Likely that you need a proper leftid configured, one that the client
> expects. Usually a FQDN of your server address is fine, but it should be
> contained as subjectAltName in your serverCert. Not sure what exactly
> iOS expects here.
>>      rightauth=eap-radius
>>  made .mobileconfig for iOS, imported ca cert.
>>  getting in log: no matching peer config found
> I assume you have created a profile for EAP authentication? A little
> more details from your log probably can help in analyzing the issue.
>>      rightsubnet=
>>      rightsourceip=
> While unrelated, this is probably not what you want. You don't need that
> full subnet, but just that single IP address that you assign to the
> client. This can be achieved by setting rightsubnet=%dynamic, which is
> the default if you don't specify that option.
> Regards
> Martin

More information about the Users mailing list