[strongSwan] VPN for iOS 10, "deleting half open IKE_SA after timeout"
Klaus Bernpaintner
klaus at bernpaintner.com
Fri Mar 17 01:45:58 CET 2017
Excellent Tobias, now it connects!
Thank you.
The only remaining question is how to get to the internet beyond the VPN server. I am using it to appear with a different IP address. After connection nothing is reachable. I use this configuration:
—
config setup
    charondebug="cfg 2, dmn 2, ike 2, net 2"

conn %default
    keyexchange=ikev2
    leftsendcert=always
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1

conn ios10
    leftid=server
    leftcert=peerCert.der
    rightauth=eap-mschapv2
    leftsubnet=0.0.0.0/0
    rightsourceip=192.168.10.0/24 ### Added this to get an IP address
    rightdns=8.8.8.8,8.8.4.4 ### Added this to get DNS servers
    auto=add
--
Also, I ran these commands to enable forwarding (found on a different site):
# echo 1 > /proc/sys/net/ipv4/ip_forward
# echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
# echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
But I still cannot reach anything beyond the VPN server.
Any ideas?
> On Mar 16, 2017, at 4:01 PM, Tobias Brunner <tobias at strongswan.org> wrote:
>
> Hi Klaus,
>
>> Is that necessary? I use
>> username/password authentication of the clients and the clients don’t
>> care about the server certificate.
>
> Yes, the CA certificate (caCert.der) has to be installed on the clients.
> They won't trust the server certificate otherwise.
>
> Regards,
> Tobias
>