chainfasad.blogg.se - Apple configuration utility error certificate not working

So use a FQDN, email address, or an IP address as server identity ( leftid, Remote ID in iOS, and SAN in the server certificate). While you don't really see a difference it the log looking for peer configs matching xx.xx, this identity just looks like a stringified DN, but is, in fact, just a string of characters as you typed them in the client config. So far such identities have not been transmitted as ASN.1 encoded DNs but as plain strings with type FQDN, so strongSwan is not able to match that to a config that has a DN as leftid.

Unless Apple fixed it by now, iOS does not support DNs as identities (as documented on AppleIKEv2Profile).

So configure as the client's identity (this must be contained as subjectAltName in the client certificate). xx.xx, which won't match your rightid or the client certificate. It makes the client use its IP address as identity. Looks like there is still something wrong with the certificate?

Authentication: Select P12 certificateĭec 12 20:51:56 localhost charon: 13 received packet: from xx.xx to xx.xx (388 bytes)ĭec 12 20:51:56 localhost charon: 13 parsed IKE_SA_INIT request 0 ĭec 12 20:51:56 localhost charon: 13 xx.xx is initiating an IKE_SAĭec 12 20:51:56 localhost charon: 13 remote host is behind NATĭec 12 20:51:56 localhost charon: 13 sending cert request for "C=CH, O=strongSwan, CN=strongSwan Root CA"ĭec 12 20:51:56 localhost charon: 13 generating IKE_SA_INIT response 0 ĭec 12 20:51:56 localhost charon: 13 sending packet: from xx.xx to xx.xx (337 bytes)ĭec 12 20:51:56 localhost charon: 14 received packet: from xx.xx to xx.xx (444 bytes)ĭec 12 20:51:56 localhost charon: 14 parsed IKE_AUTH request 1 ĭec 12 20:51:56 localhost charon: 14 looking for peer configs matching xx.xx.xx.xxĭec 12 20:51:56 localhost charon: 14 no matching peer config foundĭec 12 20:51:56 localhost charon: 14 received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC paddingĭec 12 20:51:56 localhost charon: 14 peer supports MOBIKEĭec 12 20:51:56 localhost charon: 14 generating IKE_AUTH response 1 ĭec 12 20:51:56 localhost charon: 14 sending packet: from xx.xx to xx.xx (76 bytes) P12 certificate issued to In IOS9 configuration:Ī. Certificate subject name is "C=CH, O=strongSwan, CN="Ģ. Would like to see some guidance to my problem.ġ.