[strongSwan] how to tell the iphone to send the issuer certificate?

Harald Dunkel harald.dunkel at aixigo.de
Wed Nov 4 08:17:23 CET 2015

To send an update:

I found a working (more or less) configuration.

Somehow strongSwan doesn't use the DN of the iPhone's
certificate as the remote ID, but either the FQDN, IPv4
address or IPv6 address. (I didn't check USER_FQDN.)
Probably this is influenced by the iPhone somehow?

In the iPhone's config settings I had to explicitly set
the Local ID to the CN mentioned in the certificate. If
I leave this Local ID field empty, then strongSwan uses
the iPhone's IP address as the identifier.

This name has to be set in the Subject Alt Name in the
iPhone's certificate as well.

Platform: iOS 9.1, strongSwan 5.3.3 on Jessie

Hope this is helpful to anybody. Regards
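
The identity matching this message describes, as an added example that is not part of the original post and not strongSwan code: a simplified Python model of why an FQDN Local ID needs a matching Subject Alt Name, and why an empty Local ID (IP address as identity) fails against the same certificate. The certificate dictionaries, host name and address are constructed placeholders.

```python
import ipaddress

# SAN type that has to carry each non-DN IKEv2 identity type.
SAN_FOR_ID = {"ID_FQDN": "DNS", "ID_RFC822_ADDR": "email",
              "ID_IPV4_ADDR": "IP", "ID_IPV6_ADDR": "IP"}

def ike_id_type(identity):
    """Classify an identity string by IKEv2 ID type (RFC 7296 names)."""
    if "=" in identity:
        return "ID_DER_ASN1_DN"
    if "@" in identity:
        return "ID_RFC822_ADDR"   # USER_FQDN in IKEv1 terms
    try:
        version = ipaddress.ip_address(identity).version
    except ValueError:
        return "ID_FQDN"
    return "ID_IPV4_ADDR" if version == 4 else "ID_IPV6_ADDR"

def _dn(dn):
    # Simplified DN comparison: case-insensitive, whitespace around RDNs ignored.
    return [rdn.strip().lower() for rdn in dn.split(",")]

def id_confirmed_by_cert(identity, cert):
    """True if the certificate vouches for the identity the peer claims."""
    id_type = ike_id_type(identity)
    if id_type == "ID_DER_ASN1_DN":
        return _dn(identity) == _dn(cert["subject"])
    wanted = SAN_FOR_ID[id_type]
    for san_type, value in cert["san"]:
        if san_type != wanted:
            continue
        if wanted == "IP":
            if ipaddress.ip_address(value) == ipaddress.ip_address(identity):
                return True
        elif value.lower() == identity.lower():
            return True
    return False

# Constructed sample certificates (not taken from the post).
SUBJECT = "C=DE, O=Example, CN=iphone.example.org"
CERT_CN_ONLY = {"subject": SUBJECT, "san": []}
CERT_WITH_SAN = {"subject": SUBJECT, "san": [("DNS", "iphone.example.org")]}

if __name__ == "__main__":
    for label, ident in [("Local ID set to the CN", "iphone.example.org"),
                         ("Local ID left empty (IP used)", "192.0.2.10")]:
        for name, cert in [("CN only", CERT_CN_ONLY), ("CN + SAN", CERT_WITH_SAN)]:
            print(f"{label:32} {ike_id_type(ident):13} {name:9}",
                  id_confirmed_by_cert(ident, cert))
```

Only the FQDN identity combined with the certificate that lists the same name as a DNS Subject Alt Name is confirmed; the CN inside the subject DN does not satisfy an FQDN identity on its own.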

