Bug #5353
Add leftsendcert=always to ipsec.conf for mobile profiles using IKEv2 and EAP to better accommodate iOS 9/OS X 10.11
100%
Description
The IKEv2 client on iOS 9 and OS X wants strongSwan to use leftsendcert=always when using a manual configuration. A VPN profile can be nudged the right way to not need it, but it does not seem to have any detrimental effects on other connections. With leftsendcert=always I can make connections from iOS 9.1, OS X 10.11.1, Android 4.x with the strongSwan App, Windows 10, and Linux Mint 17.2 via NetworkManager. Without leftsendcert=always, manual connections from iOS and OS X fail.
Ran it by mgsmith and he didn't see any problem with setting it.
I've got a patch I'll push momentarily.
Associated revisions
Set leftsendcert=always for IKEv2 configurations with certificates to better accommodate OS X and iOS manual configurations. Fixes #5353
History
#1
Updated by Jim Pingle about 5 years ago
Updated by - Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset 50de9fa88581b487918faddefd286caccc14b28c.
#2
Updated by Jim Pingle about 5 years ago
Applied in changeset 76827b9cedc8a816023aa2b882844b883a7fa8c8.
#3
Updated by Jim Pingle about 5 years ago
- Status changed from Feedback to Resolved
Set leftsendcert=always for IKEv2 configurations with certificates to better accommodate OS X and iOS manual configurations. Fixes #5353