[strongSwan] Max OSX client

Noel Kuntze noel.kuntze+strongswan-users-ml at thermi.consulting
Tue Mar 24 14:35:22 CET 2020


Hi,

Please make a log as described on the HelpRequests[1] page so we can help you figure out what's wrong.

Kind regards

Noel

[1] https://wiki.strongswan.org/projects/strongswan/wiki/HelpRequests

Am 24.03.20 um 14:26 schrieb Claude Tompers:
> Hi Tom,
> 
> leftsendcert is set. Here are the details of the config :
> 
> conn %default
>         keyexchange=ikev2
>         ikelifetime=60m
>         ike=aes256-sha256-modp2048,aes256-sha1-modp1024,aes128-sha1-modp1024,3des-sha1-modp1024!
>         esp=aes256-sha1,aes256-sha1,3des-sha1!
>         dpdaction=restart
>         dpddelay=60s
>         dpdtimeout=300s
>         keyingtries=5
>         inactivity=4h
>         lifetime=4h
>         left=strongswan.restena.lu
>         leftid=@strongswan.restena.lu
>         leftauth=pubkey
>         leftsendcert=always
>         leftcert=strongswan.restena.lu-cert.pem
>         leftsubnet=0.0.0.0/0,::/0
>         right=%any
>         rightauth=pubkey
>         rightsendcert=always
>         rekey=yes
>         reauth=yes
>         mobike=no
> 
> Apart from the default, every user is idenfied by it's certificate CN and is assigned to an IP pool
> 
> conn IKEv2-tech-ctompers
>         rightid="..."
>         rightsourceip=%pool-v4,%pool-v6
>         auto=add
> 
> We already had this issue in former versions when the native client was doing only IKEv1.
> 
> kind regards,
> Claude
> 
> On 24/03/2020 12:38, Tom Rymes wrote:
>> Claude,
>>
>> Have you followed the suggestions here?: https://wiki.strongswan.org/projects/strongswan/wiki/AppleClients#IKEv2-on-iOS-9-amp-macOS-1011-and-newer
>>
>> leftsendcert=always solves a similar issue for us, I believe.
>>
>> Perhaps you could post some details of your installation?
>>
>> Tom
>>
>> On Mar 24, 2020, at 6:56 AM, Claude Tompers <claude.tompers at restena.lu <mailto:claude.tompers at restena.lu>> wrote:
>>
>>> Hi all,
>>>
>>> Our whole team has issues with the native OSX VPN client not being very
>>> stable with our strongswan VPN server.
>>> Connections drop sometimes randomly but certainly after roughly 55 minutes.
>>> I'm wondering if anyone has the same issue and managed to solve it, or
>>> if there's another Mac VPN client that is stable ?
>>>
>>> kind regards,
>>> Claude
>>>
>>>
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20200324/40096819/attachment-0001.sig>


More information about the Users mailing list