[strongSwan] Apple IOS 10 VPN

Turbo Fredriksson turbo at bayour.com
Sun Oct 30 17:59:47 CET 2016


On 30 Oct 2016, at 01:09, Derek Cameron <dcamero2016 at gmail.com> wrote:

> Here is a configuration that works for iOS 10: http://xpu.ca/strongswan-ubuntu/

I’ve been following this myself and it works on my Android phone, but not on my
new OSX 10.12.1.

I get

	looking for peer configs matching <ExternalIP>[<CertDN>]…<RemoteIP>[turbo]
	no matching peer config found

On Android, I don’t have to enter the remote ID and it works with or without that (ends
up as “looking for … <ExternalIP>[%any]”). But on OSX I _must_ enter that.

Comparing the two connection attempts, that ‘looking for peer configs’ is _identical_, but
the OSX client doesn’t work.


If I don’t enter the ‘Local ID’ (it’s optional), then the ‘[turbo]’ part ends up as its local
NAT address.

My config:

— snip —
config setup

conn %default
        keyexchange=ikev2
        left=<ExternalIP>
        leftid="<CertDN>"
        leftcert=server.pem
        leftsubnet=0.0.0.0/0
        right=%any
        rightsourceip=192.168.6.0/24
        rightdns=192.168.6.1
        dpdaction=clear
— snip —

I had to put the DN in there because I got:

	loaded certificate "<CertDN>" from 'server.pem'
	id 'server.domain.tld' not confirmed by certificate, defaulting to '<CertDN>'