On 01.06.16 10:24 Evgeniy Ivanov wrote: > conn %default > keyexchange=ikev2 > ike=aes256-sha1-modp1024,aes128-sha1-modp1024,3des-sha1-modp1024! # Win7 > is aes256, sha-1, modp1024; iOS is aes256, sha-256, modp1024; OS X is > 3DES, sha-1, modp1024 > esp=aes256-sha256,aes256-sha1,3des-sha1! # Win 7 is aes256-sha1, iOS is > aes256-sha256, OS X is 3des-shal1 > dpdaction=clear > dpddelay=300s > rekey=no > left=%any > leftid="my.left.id" > leftsubnet=0.0.0.0/0 > leftcert=fullchain.pem > right=%any > rightdns=172.16.0.1 > rightsourceip=10.168.30.0/24 > > conn IPSec-IKEv2 > keyexchange=ikev2
That line is already in %default, you could omiss it. > auto=add > > conn IPSec-IKEv2-EAP > also="IPSec-IKEv2" > rightauth=eap-radius > rightsendcert=never > eap_identity=%any I am not sure if the iphone can handle IKEv2-EAP, but as you miss auth settings in the first connection, it uses the EAP one. These lines from your logs: > Jun 1 08:19:34 13[IKE] <IPSec-IKEv2|24> peer requested EAP, config > inacceptable > Jun 1 08:19:34 13[CFG] <IPSec-IKEv2|24> switching to peer config > 'IPSec-IKEv2-EAP' I am not sure about iOS9, but I guess it can handler IKEv2 with certificates, or IKEv2 with XAuth, at least that is what I under stand here: https://raymii.org/s/tutorials/IPSEC_vpn_with_CentOS_7.html https://www.zeitgeist.se/2013/11/22/strongswan-howto-create-your-own-vpn/ https://wiki.strongswan.org/projects/strongswan/wiki/IOS_%28Apple%29 Johannes
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
