[strongSwan] Ios8 ikev2 certificates config
Markus Edemalm
markus at edemalm.se
Sun Jan 11 15:49:41 CET 2015
Hi,
I’m new to strongSwan and IPsec as a whole, but this is what I successfully use in iOS8 with IKEv2.
Relevant part of ipsec.conf:
conn me-iphone
right=%any
rightdns=1.2.3.4,5.6.7.8
rightid=me-iphone.XXXXX.vpn
rightsourceip=192.168.0.10
Make sure you set both CN and SAN fields in your client cert. Use the same name as rightid in the connection part of ipsec.conf.
ipsec pki --pub --in private/iphone_key.pem --type rsa | ipsec pki --issue --lifetime XXX \
--cacert cacerts/ca_cert.pem --cakey private/ca_key.pem --dn ”C=XX, O=XXXXX, CN=me-iphone.XXXXX.vpn" \
--san me-iphone.XXXXX.vpn --outform pem > certs/me_iphone_cert.pem
Regards,
-ME
> 8 jan 2015 kl. 02:28 skrev Alexey Popov <leha.popov at gmail.com>:
>
> Hi,
> I'm trying to setup ikev2 with certificates authorization for ios 8.
>
> I did as described in wiki and got "no matching peer config found" error when I connect from iphone, still connection from ubuntu desktop works fine.
>
> Could you please tell me what is wrong?
> log, configs and .mobileconfig files are bellow
> http://pastebin.com/9eTQGgP8
> http://pastebin.com/JCe8EWQM
> http://pastebin.com/udL4B3A1
> http://pastebin.com/98WbTafe
>
> Many thanks.
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
More information about the Users
mailing list