Hi Fred, > I am trying to get the mac osx native application to connect to it > (tested 5.1.0-4 and 5.1.1-1) using strongswan installed via homebrew.
I assume you are referring to our new OS X App with the GUI? There is no external dependency; no homebrew packages required for it. > 13[IKE] authentication of 'CN=vpn-host.subdomain.domain.com' with EAP > successful > 13[CFG] constraint check failed: identity 'vpn-host.subdomain.domain.com' > required Your server authenticates with the Distinguished Name 'CN=vpn-host.subdomain.domain.com' as IKE identity. That currently does not work with the OS X App, because the client requires an FQDN identity of vpn-host.subdomain.domain.com. I'll prepare a new release of the App that allows identity matching against certificate subjectAltNames (instead of the strict IDr matching). That should enable the same behavior as on Android. In the meantime, you may check if there is a way to configure the server to send a FQDN instead a DN as IDr. Not sure if/how this can be done with Windows Server. > OS x version is 10.9 mavericks. > 000 (-[OS_xpc_connection_xref_dispose]+0x11) [0x7fff870b51ce] That Mavericks crasher should have been fixed with 5.1.1-1. Regards Martin _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
