On Tue, 20 Apr 2021, Blue Aquan wrote:
Hi Team Libreswan
I have a Libreswan 4.3 (netkey) running on CentOS 8 which has a roadwarrior
setup with the following configuration. Throughout, I followed this
guide https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv2
With a Linux client, the setup works flawlessly, but I am unable to replicate
the same on a Mac client. I tried following the same steps by creating a
certificate for the Mac client, but the Mac client throws up a lot of errors.
I want to know if there's any standard procedure to follow while connecting
from a Mac client...?
On Linux, the same procedure works perfectly fine.
On VPN Server

conn COMET
    left=1.2.3.4
    leftsubnet=192.168.1.0/24
    leftcert=sun.abc.com
    [email protected]

Note that for a Mac to accept this ID, it MUST appear as a
subjectAltName (SAN) of the type DNS: inside the certificate.
The Mac also needs to have the CAcert that signed it of course. But it
should have that if you used a PKCS#12 formatted file (.p12).
Note that in the past, I've had issues with a Mac and its configuration
tool when you add a new connection and set it to PSK and fill in the ID,
and then change it to certificate. It somehow still would use the wrong
old ID instead of the cert. You might want to just delete the conn and
start a new one from scratch where you never select PSK or fill in the
ID manually.
Paul
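
Added example, not part of the original message or of Libreswan: a shell check that the ID configured on the server appears as a DNS-type subjectAltName in the server certificate, which is the condition described in the reply above. It assumes the certificate has been exported to PEM and that OpenSSL 1.1.1 or later is available; the function names and the vpn.example.test values are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that an IKE ID is present as a DNS: subjectAltName.

# normalize_id ID
# Strips the leading "@" that marks an FQDN-type ID in ipsec.conf
# (leftid=@name) and lowercases it, since DNS names compare case-insensitively.
normalize_id() {
    id=${1#@}
    printf '%s' "$id" | tr '[:upper:]' '[:lower:]'
}

# san_has_dns SAN_TEXT ID
# SAN_TEXT is the output of:
#   openssl x509 -noout -ext subjectAltName -in cert.pem
# Returns 0 only when ID equals a DNS: entry exactly. IP Address: and
# email: entries, substrings and wildcard entries do not count as a match.
san_has_dns() {
    want=$(normalize_id "$2")
    [ -n "$want" ] || return 1
    printf '%s\n' "$1" | tr ',' '\n' |
        sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\)[[:space:]]*$/\1/p' |
        tr '[:upper:]' '[:lower:]' |
        grep -Fqx -- "$want"
}

# cert_has_dns_san CERT_PEM ID
# Returns 0 on match, 1 on no match, 2 if the certificate cannot be read
# or has no subjectAltName extension at all.
cert_has_dns_san() {
    san=$(openssl x509 -noout -ext subjectAltName -in "$1" 2>/dev/null) || return 2
    [ -n "$san" ] || return 2
    san_has_dns "$san" "$2"
}

# Constructed sample outputs (hostnames and addresses are placeholders).
SAN_GOOD='X509v3 Subject Alternative Name:
    DNS:vpn.example.test, IP Address:192.0.2.10'
SAN_NO_DNS='X509v3 Subject Alternative Name:
    IP Address:192.0.2.10, email:admin@vpn.example.test'
```

Run `cert_has_dns_san server.pem @vpn.example.test` against the exported server certificate; a non-zero status means the certificate needs to be reissued with the ID as a DNS SAN before the Mac client will accept it.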