[Swan] OSX Connectivity debugging
Paul Wouters
paul at nohats.ca
Tue Jan 22 20:08:44 UTC 2019
On Tue, 22 Jan 2019, Mr. Jan Walter wrote:
> NVM on the roaming clients question, the server cert needs the extended data.
>
> I generated a new vpn server cert with both the dns name, the local, and public ip address in the Alt data.
>
> I removed the esn= line from ipsec.conf, and now it gets this far, but the osx client states "authentication failed":
Does the server cert have a SubjectAltname with vv.zzz.net ?
For OSX, you can also install the IKEv2 debug profile. The run the test
and make it fail, then check the system logs. If installed on a phone,
connect the phone to the laptop, sync and then you should have the
debug logs.
Paul
More information about the Swan
mailing list