Hello Martin, Thanks a lot for your advice - that was cert issue, I regenerated certs, used fqdn instead of ip and everything worked fine.
17.12.2014, 16:47, "Martin Willi" <[email protected]>: > Hi Denis, >> leftcert=serverCert.pem >> leftauth=pubkey > > Likely that you need a proper leftid configured, one that the client > expects. Usually a FQDN of your server address is fine, but it should be > contained as subjectAltName in your serverCert. Not sure what exactly > iOS expects here. >> rightauth=eap-radius >> >> made .mobileconfig for iOS, imported ca cert. >> getting in log: no matching peer config found > > I assume you have created a profile for EAP authentication? A little > more details from your log probably can help in analyzing the issue. >> rightsubnet=10.0.0.0/24 >> rightsourceip=10.0.0.0/24 > > While unrelated, this is probably not what you want. You don't need that > full subnet, but just that single IP address that you assign to the > client. This can be achieved by setting rightsubnet=%dynamic, which is > the default if you don't specify that option. > > Regards > Martin _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
