Hi Lonnie,
I've just tested it and it stops where it tries to validate the server
certificate. We ran into this when developing the solution for iOS. Here we
just added the extra field "subjectAltName" and provide the server's FQDN. iOS
is happy with either the common name or the subjectAltName matching the server
name.
Mac OSX is apparently different in this respect. From what I read it only
checks the common name, which is in our case always 'server', but not the FQDN
of the system. Lonnie, is there any chance to change this or what's the reason
we always set this to "server"?
From Apple docs: "IP Security (IPsec): When certificates are used to secure
Internet Protocol communications (for example, in establishing a VPN
connection), the name in the server’s certificate must match its DNS host name.
The host name check is not performed for client certificates. If an extended
key usage field is present, it must contain an appropriate value."
Regards
Ingmar
Am 25.04.2012 um 17:42 schrieb Lonnie Abelbeck:
> Hi David,
>
> Well, it *should* but I can't get it to work, and from googling I am not
> alone. It complains about some certificate issue. Though for OS X, OpenVPN
> is my first VPN choice and IPSecuritas
> http://www.lobotomo.com/products/IPSecuritas/
>
> works fine with IPsec + XAuth with certificates on OS X.
>
> Though, it would sure be nice if the built-in OS X IPsec (Cisco) VPN client
> would be interoperable with iOS.
>
> Lonnie
>
>
>
> On Apr 25, 2012, at 10:24 AM, David Kerr wrote:
>
>> Lonnie,
>> Will the iOS VPN configuration also work with the Mac OS X built-in VPN
>> client?
>>
>> Thanks
>> David
>>
>>
>> On Wed, Apr 25, 2012 at 11:17 AM, Lonnie Abelbeck
>> <[email protected]> wrote:
>> AstLinux Users,
>>
>> The AstLinux Team would like to offer a preview to AstLinux 1.0.3.
>>
>> Keep in mind this is not a release candidate, some additions/changes may
>> occur before the final AstLinux 1.0.3 release. The preview changes are
>> shown here...
>>
>> Additions for AstLinux 1.0.3:
>> http://astlinux.svn.sourceforge.net/viewvc/astlinux/branches/1.0/docs/ChangeLog.txt
>>
>> The AstLinux Custom Build Engine is used to generate your custom preview,
>> the default configurations are already built...
>>
>> Build AstLinux SVN Image:
>> http://build.astlinux.org/admin/build.php?version=svn
>>
>> One particularly compelling new feature is support for IPsec + XAuth with
>> certificates, providing more interoperability to various mobile VPN clients.
>> In particular for Apple's iOS devices.
>>
>> IPsec VPN for Apple iOS
>> http://doc.astlinux.org/userdoc:tt_ipsec_vpn_apple_ios
>>
>> We have tested this extensively with iOS 5.1 clients, but welcome reports
>> from other mobile devices, Android, etc.. . The above documentation should
>> apply, in the general sense, to most any mobile device that supports IPsec +
>> XAuth with certificates.
>>
>> All feedback is appreciated.
>>
>> AstLinux Team
>>
>>
>> ------------------------------------------------------------------------------
>> Live Security Virtual Conference
>> Exclusive live event will cover all the ways today's security and
>> threat landscape has changed and how IT managers can respond. Discussions
>> will include endpoint security, mobile security and the latest in malware
>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>> _______________________________________________
>> Astlinux-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>>
>> Donations to support AstLinux are graciously accepted via PayPal to
>> [email protected].
>>
>> ------------------------------------------------------------------------------
>> Live Security Virtual Conference
>> Exclusive live event will cover all the ways today's security and
>> threat landscape has changed and how IT managers can respond. Discussions
>> will include endpoint security, mobile security and the latest in malware
>> threats.
>> http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/_______________________________________________
>> Astlinux-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>>
>> Donations to support AstLinux are graciously accepted via PayPal to
>> [email protected].
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Astlinux-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to
> [email protected].
--
Bye, Ingmar Schraub e-mail : [email protected]
eSeCo GmbH & Co. KG Web : http://www.eseco.de
Darmstädter Straße 123 phone : +49 6251 702988 0
D-64625 Bensheim fax : +49 6251 58360 83
Germany mobile : +49 173 6711767
Registergericht: Darmstadt, HRA 40930
Geschäftsführer: Ingmar Schraub
Hauptsitz: Herrnwaldstr. 6, D-64625 Bensheim
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Astlinux-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to
[email protected].
