List: strongswan-users
Subject: Re: [strongSwan] StrongSwan Mac OS X client
From: Noel Kuntze <noel () familie-kuntze ! de>
Date: 2015-02-23 20:53:24
Message-ID: 54EB9344.9040904 () familie-kuntze ! de
Hello Fred,
You need to set the ID if your clients send one that isn't exactly the same as the
configured one (even implicitly). I think this is a problem with how the strongSwan
application on Mac OS interacts with the DNS settings of the operating system. I
think if you add your weight to that issue, it might get some priority.
Regards,
Noel Kuntze
GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
On 21.02.2015 at 09:54, Fred wrote:
> Hi all,
>
> I'm having a couple of problems with the Mac OS X app. Mac OS X v10.9.5
> (Mavericks).
>
> First problem is that I was having a problem with the DN not matching the hostname
> even though I have a subjectAltName. I was getting constraint checking failed no
> alternative config found. I worked around this by setting leftid= but I shouldn't
> need to do this if I have specified the hostname in --san option to ipsec pki
> command right? I've confirmed with ipsec pki --print and I can see the correct name
> in altNames. In any case, the workaround is good for now, I just don't get why I
> need to do it in the first place.
>
> Second problem seems to be one to do with utun1 and default routes. If I use the
> native Cisco IPSEC configuration tool, my DNS servers and routes are all changed to
> use utun0. When using the StrongSwan app utun1 is created with the correct virtual
> IP and connects but DNS doesn't work. My local one is used because the Google DNS
> servers are ADDED to my current DNS server list and in Mac OS X the order DNS
> servers are used is based on which one is the most responsive, i.e. the one with
> the lowest latency. So my local one is being used outside of the tunnel and this
> isn't working. If I just set my DNS servers manually it seems to work, but netstat
> -nr still shows most routes going via enX rather than utunX.
>
> Is this just a bug with not setting routes and DNS on the correct interface?
> Possibly my second issue is this bug report:
> https://wiki.strongswan.org/issues/522
_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users