[strongSwan] Ios8 ikev2 certificates config

Markus Edemalm markus at edemalm.se
Sun Jan 11 15:49:41 CET 2015


I’m new to strongSwan and IPsec as a whole, but this is what I successfully use in iOS8 with IKEv2.

Relevant part of ipsec.conf:

conn me-iphone

Make sure you set both CN and SAN fields in your client cert. Use the same name as rightid in the connection part of ipsec.conf.

ipsec pki --pub --in private/iphone_key.pem --type rsa | ipsec pki --issue --lifetime XXX \
        --cacert cacerts/ca_cert.pem --cakey private/ca_key.pem --dn ”C=XX, O=XXXXX, CN=me-iphone.XXXXX.vpn" \
        --san me-iphone.XXXXX.vpn --outform pem > certs/me_iphone_cert.pem



> 8 jan 2015 kl. 02:28 skrev Alexey Popov <leha.popov at gmail.com>:
> Hi,
> I'm trying to setup ikev2 with certificates authorization for ios 8.
> I did as described in wiki and got "no matching peer config found" error when I connect from iphone, still connection from ubuntu desktop works fine.
> Could you please tell me what is wrong?
>  log, configs and .mobileconfig files are bellow
> http://pastebin.com/9eTQGgP8
> http://pastebin.com/JCe8EWQM
> http://pastebin.com/udL4B3A1
> http://pastebin.com/98WbTafe
> Many thanks.
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

More information about the Users mailing list