[strongSwan] Strongswan "native application" for OSX
Hasse Hagen Johansen
hasse-strongswan at hagenjohansen.dk
Sat Dec 20 14:48:10 CET 2014
Hi
I have a working ikev2 config for Windows7 with strongswan on openwrt
where I can successfully connect with windows7 & The strongswan android
client. The config is like this:
config setup
conn %default
keyexchange=ikev2
ike=aes256-sha1-modp1024!
esp=aes256-sha1!
dpdaction=clear
dpddelay=300s
rekey=no
conn win7
left=<public ip of the strongswan gateway on openwrt>
leftsubnet=<subnet behind the gateway>
leftfirewall=yes
lefthostaccess=yes
leftauth=pubkey
leftcert=gatewayCert.der
right=%any
rightsourceip=%dhcp
rightauth=eap-mschapv2
rightsendcert=never
eap_identity=%any
auto=start
Now I would like to have OSX connecting to it with the strongswan native
application, but I cannot get it to work and I am not sure which
certificates I should have in keychain on OSX. On android I only needed
the CA certificate.
I have tried with the caCertificate,gatewayCertificate but I always get
a message like this:
"no trusted RSA public key found for 'C=<masked>, O=<masked>,
CN=<masked>' where the DN matches my gatewayCertificate. I seems the
public key is included in the gatewayCertificate and I do have the
private key for it on the Openwrt
So what exactly is needed for the strongswan native app for OSX. I hope
someone can spell it out for me (because I am a little confused)
Best Regards
Hasse
More information about the Users
mailing list