Hi together,
i have successfully running the iPhone together with the newest
Strongswan-Version V4.3.4rc2.
You have to do the folloing:
1.) Create a Server-Certificate with the DNS-Name (DynDNS-Name) in the
CommonName-Field
of the certificate
2.) ipsec.secrets
: RSA key_iphone-server.pem <password>
: XAUTH iphone "iphone"
3.) ipsec.conf
config setup
plutodebug=none
uniqueids=yes
nat_traversal=yes
interfaces="%defaultroute"
conn %default
authby=rsasig
leftrsasigkey=%cert
rightrsasigkey=%cert
keyingtries=1
keylife=20m
ikelifetime=240m
conn iphone
auto=add
dpdaction=clear
authby=xauthrsasig
xauth=server
pfs=no
leftcert=public_iphone-server.pem
left=<serverip>
leftsubnet=0.0.0.0/0
right=%any
rightsourceip=<virtual client ip>
rightcert=public_iphone-client.pem
4.) on the iPhone
- Import the iphone-client Certificate in p12-Format
- Import the CA Certificate in pem-Format
- Configure an IPSEC-VPN with the iphone-client Certificate and
use as Server the DNS-Name (DynDNS-Name). It has to be the same than the
one in
the Server-Certificate (Point 1.)
That's it, try it out and enjoy the nice POP-Up-Window !!!
kind regards,
Michael
--
Michael Niehren __ _ powered by
/ / (_)__ __ ____ __
/ /__/ / _ \/ // /\ \/ /
/____/_/_//_/\_,_/ /_/\_\
_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
