[Swan] OSX Connectivity debugging
kman at fastmail.com
Wed Jan 30 18:55:08 UTC 2019

On Wed, Jan 30, 2019, at 9:29 PM, Mr. Jan Walter wrote:
> Actually, the issue turned out to be that the "local id" in the OSX
> VPN config had to be the CN on the client certificate. Yeah,
> obvious, right?

Sure, quite obvious given the detailed and clear error messages from
OS X logs :)

To be fair, I think libreswan's debug logging for "failed cert
validation" could use an improvement too -- instead of just
"No matching subjectAltName found", it could log what
it is (what name exactly) it was trying to match.
Looking at the code, it does for IPs, sort of, but not for DNS names and
not if the cert has no subjectAltName at all...
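
The diagnostic suggested above, sketched in C as an added example (not libreswan's code and not part of the original post): the failure message names the ID being matched and separates "no subjectAltName at all" from "present but different". `match_san`, `struct san`, the message wording and the sample names are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical types for illustration; these are not libreswan's structures. */
enum san_kind { SAN_DNS, SAN_IP };
struct san { enum san_kind kind; const char *value; };
static const char *kind_name(enum san_kind k) { return k == SAN_DNS ? "DNS" : "IP"; }

/* Case-insensitive equality for DNS names (no wildcard handling here). */
static int ieq(const char *a, const char *b)
{
    while (*a && *b && tolower((unsigned char)*a) == tolower((unsigned char)*b)) { a++; b++; }
    return *a == *b;
}

/* Returns 1 on a match, 0 otherwise. On failure msg names the wanted ID and lists the
 * certificate's SANs. IPs are compared as text for brevity; real code compares addresses. */
int match_san(enum san_kind kind, const char *want, const struct san *sans, size_t n,
              char *msg, size_t len)
{
    if (n == 0) {
        snprintf(msg, len, "certificate has no subjectAltName; wanted %s:%s", kind_name(kind), want);
        return 0;
    }
    int off = snprintf(msg, len, "no subjectAltName matches %s:%s; certificate has:", kind_name(kind), want);
    for (size_t i = 0; i < n; i++) {
        int same = sans[i].kind == kind &&
                   (kind == SAN_DNS ? ieq(sans[i].value, want) : strcmp(sans[i].value, want) == 0);
        if (same) {
            snprintf(msg, len, "subjectAltName matched %s:%s", kind_name(kind), want);
            return 1;
        }
        if (off >= 0 && (size_t)off < len)
            off += snprintf(msg + off, len - (size_t)off, " %s:%s", kind_name(sans[i].kind), sans[i].value);
    }
    return 0;
}

int main(void)
{
    /* Constructed sample data (documentation-reserved names and addresses). */
    const struct san sans[] = { { SAN_DNS, "vpn.example.test" }, { SAN_IP, "192.0.2.10" } };
    char msg[256];
    match_san(SAN_DNS, "client.example.test", sans, 2, msg, sizeof msg);
    puts(msg);
    match_san(SAN_DNS, "client.example.test", NULL, 0, msg, sizeof msg);
    puts(msg);
    return 0;
}
```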