[strongSwan] Max OSX client

Claude Tompers claude.tompers at restena.lu
Thu Mar 26 08:46:31 CET 2020 

Hi Noel,

Before diving deeper into logs etc. Do these connection settings look
good to you ? Thinking of all sorts of timers.

kind regards,
Claude


On 24/03/2020 14:35, Noel Kuntze wrote:
> Hi,
>
> Please make a log as described on the HelpRequests[1] page so we can help you figure out what's wrong.
>
> Kind regards
>
> Noel
>
> [1] https://wiki.strongswan.org/projects/strongswan/wiki/HelpRequests
>
> Am 24.03.20 um 14:26 schrieb Claude Tompers:
>> Hi Tom,
>>
>> leftsendcert is set. Here are the details of the config :
>>
>> conn %default
>>         keyexchange=ikev2
>>         ikelifetime=60m
>>         ike=aes256-sha256-modp2048,aes256-sha1-modp1024,aes128-sha1-modp1024,3des-sha1-modp1024!
>>         esp=aes256-sha1,aes256-sha1,3des-sha1!
>>         dpdaction=restart
>>         dpddelay=60s
>>         dpdtimeout=300s
>>         keyingtries=5
>>         inactivity=4h
>>         lifetime=4h
>>         left=strongswan.restena.lu
>>         leftid=@strongswan.restena.lu
>>         leftauth=pubkey
>>         leftsendcert=always
>>         leftcert=strongswan.restena.lu-cert.pem
>>         leftsubnet=0.0.0.0/0,::/0
>>         right=%any
>>         rightauth=pubkey
>>         rightsendcert=always
>>         rekey=yes
>>         reauth=yes
>>         mobike=no
>>
>> Apart from the default, every user is idenfied by it's certificate CN and is assigned to an IP pool
>>
>> conn IKEv2-tech-ctompers
>>         rightid="..."
>>         rightsourceip=%pool-v4,%pool-v6
>>         auto=add
>>
>> We already had this issue in former versions when the native client was doing only IKEv1.
>>
>> kind regards,
>> Claude
>>
>> On 24/03/2020 12:38, Tom Rymes wrote:
>>> Claude,
>>>
>>> Have you followed the suggestions here?: https://wiki.strongswan.org/projects/strongswan/wiki/AppleClients#IKEv2-on-iOS-9-amp-macOS-1011-and-newer
>>>
>>> leftsendcert=always solves a similar issue for us, I believe.
>>>
>>> Perhaps you could post some details of your installation?
>>>
>>> Tom
>>>
>>> On Mar 24, 2020, at 6:56 AM, Claude Tompers <claude.tompers at restena.lu <mailto:claude.tompers at restena.lu>> wrote:
>>>
>>>> Hi all,
>>>>
>>>> Our whole team has issues with the native OSX VPN client not being very
>>>> stable with our strongswan VPN server.
>>>> Connections drop sometimes randomly but certainly after roughly 55 minutes.
>>>> I'm wondering if anyone has the same issue and managed to solve it, or
>>>> if there's another Mac VPN client that is stable ?
>>>>
>>>> kind regards,
>>>> Claude
>>>>
>>>>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 236 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20200326/7877ed61/attachment-0001.sig>

More information about the Users mailing list