[Swan] OSX Connectivity debugging

Paul Wouters paul at nohats.ca
Tue Jan 22 20:08:44 UTC 2019

On Tue, 22 Jan 2019, Mr. Jan Walter wrote:

> NVM on the roaming clients question, the server cert needs the extended data.
> I generated a new vpn server cert with both the dns name, the local, and public ip address in the Alt data.
> I removed the esn= line from ipsec.conf, and now it gets this far, but the osx client states "authentication failed":

Does the server cert have a SubjectAltname with vv.zzz.net ?

For OSX, you can also install the IKEv2 debug profile. The run the test
and make it fail, then check the system logs. If installed on a phone,
connect the phone to the laptop, sync and then you should have the
debug logs.


More information about the Swan mailing list