Project

General

Profile

Bug #5353

Add leftsendcert=always to ipsec.conf for mobile profiles using IKEv2 and EAP to better accommodate iOS 9/OS X 10.11

Added by Jim Pingle about 4 years ago. Updated about 4 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
IPsec
Target version:
Start date:
10/28/2015
Due date:
% Done:

100%

Estimated time:
Affected Version:
All
Affected Architecture:
All

Description

The IKEv2 client on iOS 9 and OS X wants strongSwan to use leftsendcert=always when using a manual configuration. A VPN profile can be nudged the right way to not need it, but it does not seem to have any detrimental effects on other connections. With leftsendcert=always I can make connections from iOS 9.1, OS X 10.11.1, Android 4.x with the strongSwan App, Windows 10, and Linux Mint 17.2 via NetworkManager. Without leftsendcert=always, manual connections from iOS and OS X fail.

Ran it by mgsmith and he didn't see any problem with setting it.

I've got a patch I'll push momentarily.

Associated revisions

Revision 50de9fa8 (diff)
Added by Jim Pingle about 4 years ago

Set leftsendcert=always for IKEv2 configurations with certificates to better accommodate OS X and iOS manual configurations. Fixes #5353

Revision 76827b9c (diff)
Added by Jim Pingle about 4 years ago

Set leftsendcert=always for IKEv2 configurations with certificates to better accommodate OS X and iOS manual configurations. Fixes #5353

History

#1 Updated by Jim Pingle about 4 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

#3 Updated by Jim Pingle about 4 years ago

  • Status changed from Feedback to Resolved

Also available in: Atom PDF