Bug#661524: strongswan: Compatibility for Apple iOS devices
Hi Tony, I cannot use iOS to connect to my server using IKEv1, prompting could not validate server certificate (I have installed both client p12 and CA certificate on the iOS device). This is more likely related to missing subjectAltNames in the gateway certificate. You have to make sure the DNS name or IP address you configure on the iOS device is contained as subjectAltName in the gateway certificate. Regards, Tobias -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#661524: strongswan: Compatibility for Apple iOS devices
Hi Tobias, Thanks for pointing that out. I did put that in one of the subjectAltNames fields in openssl.cnf (I used openssl to generate the certificates), but it seems I didn't put it in the right section. After adding this to all sections available, the VPN runs fine. Thanks for your help! Best Regards, Tony Date: Tue, 28 Feb 2012 10:05:03 +0100 From: tob...@strongswan.org To: tonyzh...@hotmail.com CC: 661...@bugs.debian.org Subject: Re: strongswan: Compatibility for Apple iOS devices Hi Tony, I cannot use iOS to connect to my server using IKEv1, prompting could not validate server certificate (I have installed both client p12 and CA certificate on the iOS device). This is more likely related to missing subjectAltNames in the gateway certificate. You have to make sure the DNS name or IP address you configure on the iOS device is contained as subjectAltName in the gateway certificate. Regards, Tobias
Bug#661524: strongswan: Compatibility for Apple iOS devices
Package: strongswan Version: 4.5.2-1.1~bpo60+1 Severity: wishlist Hi, I wonder if it's possible to enable this feature in the future builds of Strongswan? build option --enable-cisco-quirks in order to support iOS devices. Information could be found here: http://wiki.strongswan.org/projects/strongswan/wiki/IOS_%28Apple%29 Thanks! -- System Information: Debian Release: 6.0.4 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.32-5-xen-686 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages strongswan depends on: ii strongswan-ikev1 4.5.2-1.1~bpo60+1 strongSwan Internet Key Exchange ( ii strongswan-ikev2 4.5.2-1.1~bpo60+1 strongSwan Internet Key Exchange ( strongswan recommends no packages. Versions of packages strongswan suggests: pn network-manager-strongswannone (no description available) -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#661524: strongswan: Compatibility for Apple iOS devices
Hi Tony, I'm not sure if --enable-cisco-quirks is actually required to support iOS devices. I know our wiki says otherwise, but the page you refer to was written mainly by a user who apparently assumed the client on iOS devices is written by Cisco, which is a common misconception. The fact is, thought, that the client on the iOS devices is actually racoon (the Cisco logo and name is just for marketing reasons). Could you please try without the option (i.e. with the stock Debian package). If it works I will change the wiki page accordingly. Thanks, Tobias -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#661524: strongswan: Compatibility for Apple iOS devices
Hi Tobias, I'm currently using Strongswan 4.5.2 from squeeze-backports (since the version in stable doesn't support NAT-T, which is required for my case) and I cannot use iOS to connect to my server using IKEv1, prompting could not validate server certificate (I have installed both client p12 and CA certificate on the iOS device). Strongswan mailist suggested this is related to enable-cisco-quirks option, that's why I submit this bug. Thanks for your concern! Tony Date: Mon, 27 Feb 2012 23:04:50 +0100 From: tob...@strongswan.org To: 661...@bugs.debian.org CC: tonyzh...@hotmail.com Subject: Re: strongswan: Compatibility for Apple iOS devices Hi Tony, I'm not sure if --enable-cisco-quirks is actually required to support iOS devices. I know our wiki says otherwise, but the page you refer to was written mainly by a user who apparently assumed the client on iOS devices is written by Cisco, which is a common misconception. The fact is, thought, that the client on the iOS devices is actually racoon (the Cisco logo and name is just for marketing reasons). Could you please try without the option (i.e. with the stock Debian package). If it works I will change the wiki page accordingly. Thanks, Tobias