Hi Miroslav, > I had the following working config which nevertheless prompts for > username and password on the device (iPhone):
The whole point of XAuth authentication is to verify a username/password combination. You may disable XAuth if you don't want that. Not sure if that can be configured in the iPhone UI, though. > What can I do to use the CN value from certificate for radius account > instead being prompted for the username and pwd? You are "being prompted" regardless of RADIUS accounting, that is unrelated. It is XAuth that prompts for username/password. If a peer authenticates more than once (such as with XAuth), the identity used for RADIUS accounting is the last identity authenticated. When using XAuth, it is the XAuth username. > 14[CFG] looking for XAuthInitRSA peer configs matching > 10.30.10.213...10.30.10.121[00=AdaptiveMobile, CN=iphone-miro"] > 14[IKE] no peer config found A little more from your log, and the output of "ipsec statusall" would certainly help in debugging this issue. If your client is using Aggressive Mode, you'll have to set aggressive=yes in ipsec.conf to match the connection. Regards Martin _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
