Hi Tobias, Thanks for pointing that out. I did put that in one of the subjectAltNames fields in openssl.cnf (I used openssl to generate the certificates), but it seems I didn't put it in the right section. After adding this to all sections available, the VPN runs fine. Thanks for your help!
Best Regards, Tony > Date: Tue, 28 Feb 2012 10:05:03 +0100 > From: tob...@strongswan.org > To: tonyzh...@hotmail.com > CC: 661...@bugs.debian.org > Subject: Re: strongswan: Compatibility for Apple iOS devices > > Hi Tony, > > > I cannot use iOS to connect to my server using IKEv1, prompting > > "could not validate server certificate" (I have installed both client > > p12 and CA certificate on the iOS device). > > This is more likely related to missing subjectAltNames in the gateway > certificate. You have to make sure the DNS name or IP address you > configure on the iOS device is contained as subjectAltName in the > gateway certificate. > > Regards, > Tobias