On Tue, 22 Jan 2019, Mr. Jan Walter wrote:
> NVM on the roaming clients question, the server cert needs the extended data.
> I generated a new vpn server cert with both the dns name, the local, and public
> ip address in the Alt data.
> I removed the esn= line from ipsec.conf, and now it gets this far, but the osx client
> states "authentication failed":

Does the server cert have a SubjectAltname with vv.zzz.net ?
For OSX, you can also install the IKEv2 debug profile. Then run the test
and make it fail, then check the system logs. If installed on a phone,
connect the phone to the laptop, sync and then you should have the
debug logs.
Paul
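
One way to answer the SubjectAltName question above from the command line, as an added example that is not part of the original thread: the functions below take the text printed by `openssl x509 -noout -ext subjectAltName` and check that the identity the client connects to is present as an entry of the right type. The file name `server.pem`, the function names and the sample SAN strings (documentation-range addresses) are assumptions constructed for illustration; only `vv.zzz.net` comes from the thread.

```shell
#!/bin/sh
# Added example. Feed it the output of:
#   openssl x509 -in server.pem -noout -ext subjectAltName
# (server.pem is a placeholder for the exported VPN server certificate.)
# Handles DNS names and IPv4 addresses only.

# Constructed sample: a SAN carrying the DNS name plus two IP entries.
SAMPLE_SAN='X509v3 Subject Alternative Name:
    DNS:vv.zzz.net, IP Address:192.0.2.10, IP Address:10.0.0.1'

# Constructed sample of a common mistake: the address stored as a DNS entry.
BAD_SAN='X509v3 Subject Alternative Name:
    DNS:vv.zzz.net, DNS:192.0.2.10'

# san_entries: read the openssl SAN text on stdin, print one "type:value"
# per line with the header line and surrounding whitespace removed.
san_entries() {
    grep -v 'Subject Alternative Name' |
        tr ',' '\n' |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d'
}

# san_has ID: exit 0 only if ID appears as a whole entry of the matching
# type (DNS for names, "IP Address" for dotted-quad addresses).
san_has() {
    want=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    case "$want" in
        ''|*[!0-9.]*) type='dns' ;;          # contains non-digit: a name
        *)            type='ip address' ;;   # digits and dots: IPv4
    esac
    # -x: whole-entry match, so zzz.net does not match vv.zzz.net
    # -F: fixed string, so dots are not regex wildcards
    san_entries | tr 'A-Z' 'a-z' | grep -qxF "$type:$want"
}

# Example use against a real certificate:
#   openssl x509 -in server.pem -noout -ext subjectAltName | san_has vv.zzz.net \
#       && echo "SAN ok" || echo "SAN missing"
```
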