IPSec VPN Working for OS X Mavericks

In iOS IPSec VPN Server on Ubuntu, I host a VPN on Ubuntu 13.10 based on StrongSwan 4.x, working for iOS, but not for OSX.

Then I upgraded to Ubuntu 14.04, which has StrongSwan upgraded to 5.x, error like:

To fix this, install all strongswan’s plugins by:

And make some changes to configurations:
/etc/ipsec.conf:

/etc/strongswan.conf:
Replace with strongswan.conf.dpkg-dist

After these, VPN is connectable by OS X but DNS settings is not pushed to the client-side

/etc/strongswan.d/charon.conf:

DONE.

If you get a error saying the certificate is not trusted, and then check /var/log/system.log, you may found

If you have debug logging enabled in /etc/racoon/racoon.conf like

You may see more detail in /var/log/racoon.log, kSecTrustResultRecoverableTrustFailure might be a useful keyword.
Google it, the only useful article is http://www.traud.de/vpn/ but still not working here.

I tried on my macbook pro, and also as a dude told me, the Root CA I gave and the mobileconfig worked without any error nor warning.
But on my mac mini and from some others, error like above, which stopped me getting ipsec on os x work before.

I tried to delete the certificate, both root ca and client’s, from Keychain Access app, and the mobileconfig from Profiles in Preferences, reinstall like firstly CA secondly mobileconfig, check if the mobileconfig is signed and has passed the certificate verification, green light on then there it goes.

IPSec VPN Working for OS X Mavericks by @sskaje: https://sskaje.me/2014/04/ipsec-vpn-working-os-mavericks/

Incoming search terms:

iOS IPSec VPN Server on Ubuntu

I Google-ed a lot configuring IPSec VPN for iOS with OpenSwan, nothing useful but Iphone/Ipad/Mac OSX IPSEC VPN with Strongswan 5 on Centos/RHEL 6 which is on RHEL/CentOS and with strongswan found. I tried to configure openswan like strong swan, failed.

StrongSwan‘s official wiki helps a lot: http://wiki.strongswan.org/projects/strongswan/wiki/IOS_(Apple)/23

iOS 4 and newer supports native IPsec VPN via IKEv1 (otherwise referred to as Cisco IPSec in iOS) and is able to interoperate with strongSwan.

Environment

Work station

OS X 10.9
openssl from macports(OpenSSL 1.0.1f 6 Jan 2014).
Apple Configurator

VPN Server

Ubuntu 13.10
StrongSwan

Client

iPhone
iOS 7.0.5
Continue reading “iOS IPSec VPN Server on Ubuntu” »

iOS IPSec VPN Server on Ubuntu by @sskaje: https://sskaje.me/2014/02/ios-ipsec-vpn-server-on-ubuntu/

Incoming search terms: