Categories
iOS OS X VPN 操作系统相关

IPSec VPN Working for OS X Mavericks

By @sskaje
Link: https://sskaje.me/2014/04/ipsec-vpn-working-os-mavericks/

In iOS IPSec VPN Server on Ubuntu, I host a VPN on Ubuntu 13.10 based on StrongSwan 4.x, working for iOS, but not for OSX.

Then I upgraded to Ubuntu 14.04, which has StrongSwan upgraded to 5.x, error like:

To fix this, install all strongswan’s plugins by:

And make some changes to configurations:
/etc/ipsec.conf:

/etc/strongswan.conf:
Replace with strongswan.conf.dpkg-dist

After these, VPN is connectable by OS X but DNS settings is not pushed to the client-side

/etc/strongswan.d/charon.conf:

DONE.

If you get a error saying the certificate is not trusted, and then check /var/log/system.log, you may found

If you have debug logging enabled in /etc/racoon/racoon.conf like

You may see more detail in /var/log/racoon.log, kSecTrustResultRecoverableTrustFailure might be a useful keyword.
Google it, the only useful article is http://www.traud.de/vpn/ but still not working here.

I tried on my macbook pro, and also as a dude told me, the Root CA I gave and the mobileconfig worked without any error nor warning.
But on my mac mini and from some others, error like above, which stopped me getting ipsec on os x work before.

I tried to delete the certificate, both root ca and client’s, from Keychain Access app, and the mobileconfig from Profiles in Preferences, reinstall like firstly CA secondly mobileconfig, check if the mobileconfig is signed and has passed the certificate verification, green light on then there it goes.

IPSec VPN Working for OS X Mavericks by @sskaje: https://sskaje.me/2014/04/ipsec-vpn-working-os-mavericks/

Incoming search terms:

Categories
iOS OS X VPN 学习研究 操作系统相关 笔记

iOS IPSec VPN Server on Ubuntu

By @sskaje
Link: https://sskaje.me/2014/02/ios-ipsec-vpn-server-on-ubuntu/

I Google-ed a lot configuring IPSec VPN for iOS with OpenSwan, nothing useful but Iphone/Ipad/Mac OSX IPSEC VPN with Strongswan 5 on Centos/RHEL 6 which is on RHEL/CentOS and with strongswan found. I tried to configure openswan like strong swan, failed.

StrongSwan‘s official wiki helps a lot: http://wiki.strongswan.org/projects/strongswan/wiki/IOS_(Apple)/23

iOS 4 and newer supports native IPsec VPN via IKEv1 (otherwise referred to as Cisco IPSec in iOS) and is able to interoperate with strongSwan.

Environment

Work station

OS X 10.9
openssl from macports(OpenSSL 1.0.1f 6 Jan 2014).
Apple Configurator

VPN Server

Ubuntu 13.10
StrongSwan

Client

iPhone
iOS 7.0.5

iOS IPSec VPN Server on Ubuntu by @sskaje: https://sskaje.me/2014/02/ios-ipsec-vpn-server-on-ubuntu/