[strongSwan] iOS ikev2 + radius
Denis Zinevich
link at ngc.net.ua
Wed Dec 17 22:16:12 CET 2014
Hello Martin,
Thanks a lot for your advice - that was cert issue, I regenerated certs, used fqdn instead of ip and everything worked fine.
17.12.2014, 16:47, "Martin Willi" <martin at strongswan.org>:
> Hi Denis,
>> leftcert=serverCert.pem
>> leftauth=pubkey
>
> Likely that you need a proper leftid configured, one that the client
> expects. Usually a FQDN of your server address is fine, but it should be
> contained as subjectAltName in your serverCert. Not sure what exactly
> iOS expects here.
>> rightauth=eap-radius
>>
>> made .mobileconfig for iOS, imported ca cert.
>> getting in log: no matching peer config found
>
> I assume you have created a profile for EAP authentication? A little
> more details from your log probably can help in analyzing the issue.
>> rightsubnet=10.0.0.0/24
>> rightsourceip=10.0.0.0/24
>
> While unrelated, this is probably not what you want. You don't need that
> full subnet, but just that single IP address that you assign to the
> client. This can be achieved by setting rightsubnet=%dynamic, which is
> the default if you don't specify that option.
>
> Regards
> Martin
More information about the Users
mailing list