Re: [strongSwan] Max OSX client

Tue, 24 Mar 2020 06:51:49 -0700 

Hi,

Please make a log as described on the HelpRequests[1] page so we can help you 
figure out what's wrong.

Kind regards

Noel

[1] https://wiki.strongswan.org/projects/strongswan/wiki/HelpRequests

Am 24.03.20 um 14:26 schrieb Claude Tompers:
> Hi Tom,
> 
> leftsendcert is set. Here are the details of the config :
> 
> conn %default
>         keyexchange=ikev2
>         ikelifetime=60m
>         
> ike=aes256-sha256-modp2048,aes256-sha1-modp1024,aes128-sha1-modp1024,3des-sha1-modp1024!
>         esp=aes256-sha1,aes256-sha1,3des-sha1!
>         dpdaction=restart
>         dpddelay=60s
>         dpdtimeout=300s
>         keyingtries=5
>         inactivity=4h
>         lifetime=4h
>         left=strongswan.restena.lu
>         [email protected]
>         leftauth=pubkey
>         leftsendcert=always
>         leftcert=strongswan.restena.lu-cert.pem
>         leftsubnet=0.0.0.0/0,::/0
>         right=%any
>         rightauth=pubkey
>         rightsendcert=always
>         rekey=yes
>         reauth=yes
>         mobike=no
> 
> Apart from the default, every user is idenfied by it's certificate CN and is 
> assigned to an IP pool
> 
> conn IKEv2-tech-ctompers
>         rightid="..."
>         rightsourceip=%pool-v4,%pool-v6
>         auto=add
> 
> We already had this issue in former versions when the native client was doing 
> only IKEv1.
> 
> kind regards,
> Claude
> 
> On 24/03/2020 12:38, Tom Rymes wrote:
>> Claude,
>>
>> Have you followed the suggestions here?: 
>> https://wiki.strongswan.org/projects/strongswan/wiki/AppleClients#IKEv2-on-iOS-9-amp-macOS-1011-and-newer
>>
>> leftsendcert=always solves a similar issue for us, I believe.
>>
>> Perhaps you could post some details of your installation?
>>
>> Tom
>>
>> On Mar 24, 2020, at 6:56 AM, Claude Tompers <[email protected] 
>> <mailto:[email protected]>> wrote:
>>
>>> Hi all,
>>>
>>> Our whole team has issues with the native OSX VPN client not being very
>>> stable with our strongswan VPN server.
>>> Connections drop sometimes randomly but certainly after roughly 55 minutes.
>>> I'm wondering if anyone has the same issue and managed to solve it, or
>>> if there's another Mac VPN client that is stable ?
>>>
>>> kind regards,
>>> Claude
>>>
>>>
>

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to