[strongSwan] Max OSX client

Claude Tompers claude.tompers at restena.lu
Tue Mar 24 14:26:05 CET 2020 

Hi Tom,

leftsendcert is set. Here are the details of the config :

conn %default
        keyexchange=ikev2
        ikelifetime=60m
       
ike=aes256-sha256-modp2048,aes256-sha1-modp1024,aes128-sha1-modp1024,3des-sha1-modp1024!
        esp=aes256-sha1,aes256-sha1,3des-sha1!
        dpdaction=restart
        dpddelay=60s
        dpdtimeout=300s
        keyingtries=5
        inactivity=4h
        lifetime=4h
        left=strongswan.restena.lu
        leftid=@strongswan.restena.lu
        leftauth=pubkey
        leftsendcert=always
        leftcert=strongswan.restena.lu-cert.pem
        leftsubnet=0.0.0.0/0,::/0
        right=%any
        rightauth=pubkey
        rightsendcert=always
        rekey=yes
        reauth=yes
        mobike=no

Apart from the default, every user is idenfied by it's certificate CN
and is assigned to an IP pool

conn IKEv2-tech-ctompers
        rightid="..."
        rightsourceip=%pool-v4,%pool-v6
        auto=add

We already had this issue in former versions when the native client was
doing only IKEv1.

kind regards,
Claude

On 24/03/2020 12:38, Tom Rymes wrote:
> Claude,
>
> Have you followed the suggestions
> here?: https://wiki.strongswan.org/projects/strongswan/wiki/AppleClients#IKEv2-on-iOS-9-amp-macOS-1011-and-newer
>
> leftsendcert=always solves a similar issue for us, I believe.
>
> Perhaps you could post some details of your installation?
>
> Tom
>
> On Mar 24, 2020, at 6:56 AM, Claude Tompers <claude.tompers at restena.lu
> <mailto:claude.tompers at restena.lu>> wrote:
>
>> Hi all,
>>
>> Our whole team has issues with the native OSX VPN client not being very
>> stable with our strongswan VPN server.
>> Connections drop sometimes randomly but certainly after roughly 55
>> minutes.
>> I'm wondering if anyone has the same issue and managed to solve it, or
>> if there's another Mac VPN client that is stable ?
>>
>> kind regards,
>> Claude
>>
>>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20200324/17f5c036/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 236 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20200324/17f5c036/attachment.sig>

More information about the Users mailing list