If I remember right, you need to have an external or DynDNS address, not a local one.
Sent from my iPod

Michael

On 12.09.2012 at 13:03, Tom Mazzotta <tmazzo...@titanmicro.com> wrote:

> Lonnie,
>
> I created the cert using Server Cert DNS Name = pbx2.lab.local. When I review
> the cert, I can verify that's what's used for the CN. If I SSH to the box, I
> can ping pbx2.lab.local (it returns the LAN interface IP). Is it possible
> that I can't use the .local tld?
>
> tm
>
> -----Original Message-----
> From: Lonnie Abelbeck [mailto:li...@lonnie.abelbeck.com]
> Sent: Tuesday, September 11, 2012 11:52 PM
> To: AstLinux Users Mailing List
> Subject: Re: [Astlinux-users] IPsec Mobile w/ iPad & OSX 10.8
>
> Hi Tom,
>
> My guess is you don't have the proper "Server Cert DNS Name:" entry. It is
> packed as part of the certificate and must be a valid DNS name resolved by
> the client (more info in the URL you referenced).
>
> The bad news is if you make a change to "Server Cert DNS Name:", you must
> re-create all new certificates and keys. Try with the iPad first, it is the
> easiest to manage the certs/keys.
>
> Lonnie
>
> BTW, I personally use this all the time, even with Push Network defined as
> you mentioned.
>
>
> On Sep 11, 2012, at 9:38 PM, Tom Mazzotta wrote:
>
>> I'm trying to configure IPsec on an Astlinux 1.0.4 to connect to an iPad and
>> a Mac. I configured the systems by following the directions at
>> doc.astlinux.org/userdoc:tt_ipsec_vpn_apple_ios. I believe the only
>> difference is that I included a push network for the LAN side of the
>> AstLinux box. Neither of the client devices are able to connect
>> successfully. The error message I get from the iPad is "Could not validate
>> the server certificate." The Mac says "the negotiation with the VPN server
>> failed. Verify the server address and try reconnecting." Below is the log
>> from when I try to connect with the iPad. Since this is all being done in a
>> test environment, all the IPs are private, 192.168.1.216 is the WAN i/f of
>> Astlinux, and .25 is the IP of the iPad. Originally, the WAN i/f was
>> assigned via DHCP using a MAC reservation from my router. I retested using a
>> static definition with Astlinux, and that didn't seem to help. Any
>> suggestions as to what might be the problem?
>>
>> Sep 11 22:15:51 pbx2 daemon.info racoon: INFO: respond new phase 1 negotiation: 192.168.1.216[500]<=>192.168.1.25[500]
>> Sep 11 22:15:51 pbx2 daemon.info racoon: INFO: begin Identity Protection mode.
>> Sep 11 22:15:51 pbx2 daemon.info racoon: INFO: received Vendor ID: RFC 3947
>> Sep 11 22:15:51 pbx2 daemon.info racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-08
>> Sep 11 22:15:51 pbx2 daemon.info racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-07
>> Sep 11 22:15:51 pbx2 daemon.info racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-06
>> Sep 11 22:15:51 pbx2 daemon.info racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-05
>> Sep 11 22:15:51 pbx2 daemon.info racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-04
>> Sep 11 22:15:51 pbx2 daemon.info racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
>> Sep 11

_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
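
The following is an added example, not written by anyone in this thread: it uses the openssl CLI to list the names packed into a server certificate and compares them with the address entered on the VPN client, also flagging names under .local, which RFC 6762 reserves for multicast DNS. The function names, file paths and the name vpn.example.com are assumptions, and the sample certificates are generated on the spot.

```shell
#!/bin/sh
# Added example (not from the thread). Paths and sample values are constructed.

# Print the subject CN and any subjectAltName DNS entries, one per line.
cert_names() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
    openssl x509 -in "$1" -noout -text |
        grep -o 'DNS:[^, ]*' | sed 's/^DNS://'
}

# Classify how well the address typed into the VPN client fits the cert:
#   match     - address equals a name in the cert
#   mdns-name - it matches, but the name is under .local (RFC 6762 reserves
#               .local for multicast DNS, so unicast DNS may never be asked)
#   mismatch  - address (for example a bare IP) is not a name in the cert
check_server_address() {
    cert=$1
    addr=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    if ! cert_names "$cert" | tr 'A-Z' 'a-z' | grep -Fxq -- "$addr"; then
        echo mismatch
    elif printf '%s' "$addr" | grep -q '\.local$'; then
        echo mdns-name
    else
        echo match
    fi
}

# Build a throwaway self-signed cert with the given CN (sample input only).
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$1" -keyout "$2.key" -out "$2.crt" 2>/dev/null
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_sample_cert pbx2.lab.local "$tmp/local"
    make_sample_cert vpn.example.com "$tmp/public"
    check_server_address "$tmp/local.crt"  192.168.1.216
    check_server_address "$tmp/local.crt"  pbx2.lab.local
    check_server_address "$tmp/public.crt" VPN.example.com
    rm -rf "$tmp"
}

demo
```

The comparison is an exact, case-insensitive string match, so wildcard names are not handled, and whether the client can actually resolve the name still has to be checked from the client's own network.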