Hi Noel, Before diving deeper into logs etc. Do these connection settings look good to you ? Thinking of all sorts of timers.
kind regards, Claude On 24/03/2020 14:35, Noel Kuntze wrote: > Hi, > > Please make a log as described on the HelpRequests[1] page so we can help you > figure out what's wrong. > > Kind regards > > Noel > > [1] https://wiki.strongswan.org/projects/strongswan/wiki/HelpRequests > > Am 24.03.20 um 14:26 schrieb Claude Tompers: >> Hi Tom, >> >> leftsendcert is set. Here are the details of the config : >> >> conn %default >> keyexchange=ikev2 >> ikelifetime=60m >> >> ike=aes256-sha256-modp2048,aes256-sha1-modp1024,aes128-sha1-modp1024,3des-sha1-modp1024! >> esp=aes256-sha1,aes256-sha1,3des-sha1! >> dpdaction=restart >> dpddelay=60s >> dpdtimeout=300s >> keyingtries=5 >> inactivity=4h >> lifetime=4h >> left=strongswan.restena.lu >> [email protected] >> leftauth=pubkey >> leftsendcert=always >> leftcert=strongswan.restena.lu-cert.pem >> leftsubnet=0.0.0.0/0,::/0 >> right=%any >> rightauth=pubkey >> rightsendcert=always >> rekey=yes >> reauth=yes >> mobike=no >> >> Apart from the default, every user is idenfied by it's certificate CN and is >> assigned to an IP pool >> >> conn IKEv2-tech-ctompers >> rightid="..." >> rightsourceip=%pool-v4,%pool-v6 >> auto=add >> >> We already had this issue in former versions when the native client was >> doing only IKEv1. >> >> kind regards, >> Claude >> >> On 24/03/2020 12:38, Tom Rymes wrote: >>> Claude, >>> >>> Have you followed the suggestions here?: >>> https://wiki.strongswan.org/projects/strongswan/wiki/AppleClients#IKEv2-on-iOS-9-amp-macOS-1011-and-newer >>> >>> leftsendcert=always solves a similar issue for us, I believe. >>> >>> Perhaps you could post some details of your installation? >>> >>> Tom >>> >>> On Mar 24, 2020, at 6:56 AM, Claude Tompers <[email protected] >>> <mailto:[email protected]>> wrote: >>> >>>> Hi all, >>>> >>>> Our whole team has issues with the native OSX VPN client not being very >>>> stable with our strongswan VPN server. >>>> Connections drop sometimes randomly but certainly after roughly 55 minutes. >>>> I'm wondering if anyone has the same issue and managed to solve it, or >>>> if there's another Mac VPN client that is stable ? >>>> >>>> kind regards, >>>> Claude >>>> >>>>
signature.asc
Description: OpenPGP digital signature
