On 09/06/2012 12:20 PM, Martin Willi wrote: > Claude, > >> The other Mountain Lion had the exact same behaviour as mine (also >> 10.8.1), > Strange, as my 10.8.1 works just fine. > >> the one with Lion installed 'only' complained about not being >> able to verify the server certificate. > Please be aware that Hybrid authentication did not work correctly in > Lion, failing with a certificate validation error. You'll have to use a > client certificate on Lion. > >> I also found this topic in an Apple Forum [...] I'm wondering if that >> problem is related. > Hard to say. One thing to consider with Mountain Lion is that > certificates now need a proper ACL on the private key for authentication > (set to racoon). This might be the problem with that L2TP/IPsec issue, > but not with Hybrid authenticated clients (and your error, the profile > installer sets ACLs just fine). > > You may try to test against our revobox demo setup [1] that uses > strongSwan and works fine here. An iOS / OS X profile is available at > [2], after installation you should be able to connect with "tester" / > "test". If this works, something is wrong with your setup, if not, > something with your Mac. > > Regards > Martin > > [1]http://demo.revosec.ch/ > [2]https://master.revosec.net/device/mobileconfig/62IUAFQH/62IUAFQH.mobileconfig > Hi Martin,
Thanks for the test. My MacBook says it could not validate the server certificate. At least this shows that my Macbook isn't completely broken. If you want to have a look at the logs, my machine's IP address is 158.64.1.176 or 2001:a18:1:8:..... The connection works on my iPhone. The setup on Lion as well as on Mountain Lion uses a client certificate. So this time, I'm not in a hybrid environment. kind regards, Claude -- Claude Tompers Ingénieur réseau et système Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg Tel: +352 424409 1 Fax: +352 422473
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
