I have set up a Linux system running Racoon as a Cisco IPSec compatible VPN server. Initially I set Racoon up to use PSK (PreSharedKey) and to route all traffic via the VPN connection, and this worked fine for both Macs (Mavericks 10.9.1) and iPhones (iOS 7.0.4). I then reconfigured Racoon to use a server SSL certificate instead of a PSK and to check the client's SSL certificate; Racoon is still checking a login name and password as well, so I am now using xauth_rsa_server whereas before I was using xauth_psk_server. I have installed the self-signed rootCA and the user certificate on both the Mac and the iPhone.

Again the iPhone works fine. Xauth is checking the login name and password via LDAP to Open Directory. With the iPhone it connects with no problems, and I have confirmed, by deliberately using either the wrong certificate or the wrong password on the iPhone, that both are being checked by Racoon. Unfortunately on the Mac I consistently get a message saying "Could not validate the server certificate. Verify your settings and try reconnecting." On the Racoon server I get an error message saying "16:26:28: ERROR: ignore information because the message is too short - 76 byte(s)."

Having done a lot of searching on Google, the most common suggestion is that the server certificate is lacking a valid SAN (Subject Alternative Name).

Except I have specifically gone out of my way to generate a server certificate with a proper SAN entry to avoid this issue! Apparently, while the iPhone will happily just check that the DN name in the server certificate matches what has been entered in the VPN profile on the iPhone and matches the DNS name of the VPN server, the Mac also checks for a SAN that matches as well.

Racoon with PSK, authenticating users via LDAP using xauth_psk_server, and configured in Racoon to force all VPN traffic to be routed via the VPN connection, works perfectly on both a Mac (10.9.1) and an iPhone (7.0.4). Racoon with certificates instead of PSK, still authenticating users via LDAP, this time using xauth_rsa_server, and configured in Racoon to force all VPN traffic to be routed via the VPN connection, works perfectly on an iPhone (7.0.4) but fails as described above on the Mac (10.9.1). This is with the same rootCA and the same client certificate installed and trusted on both the iPhone and the Mac, and with the same server certificate on the Racoon VPN server (obviously) being used by both the iPhone and the Mac.

Here is a redacted copy of an openssl decode of the server certificate:

```
Signature Algorithm: sha256WithRSAEncryption
```
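One way to check whether a server certificate would satisfy a client that insists on a SAN match, as an added example that is not part of the original post: the script builds a self-signed root CA and a server certificate carrying a DNS SAN with openssl, then validates the chain and the hostname the way a strict client does. The hostname vpn.example.test and all file names are assumed values for the demonstration.

```shell
#!/bin/sh
# Added example, not code from the original post. Builds a self-signed root CA
# and a server certificate with a DNS SAN, then checks the certificate the way
# a strict client does: chain valid AND a SAN matching the DNS name.
# VPN_HOST and all file names are assumed values for this demonstration.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
VPN_HOST="vpn.example.test"

make_certs() {
  # Self-signed root CA, RSA 2048, sha256WithRSAEncryption signature
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
    -subj "/CN=Example Root CA" -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
  # Server CSR: a CN alone is not enough for clients that insist on a SAN
  openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=$VPN_HOST" \
    -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null
  # Extensions added at signing time: a SAN of type DNS that matches the name
  # clients are configured to connect to
  printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\n' "$VPN_HOST" \
    > "$WORK/server.ext"
  openssl x509 -req -in "$WORK/server.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 365 -sha256 -extfile "$WORK/server.ext" \
    -out "$WORK/server.pem" 2>/dev/null
}

# Echo the subjectAltName line of a certificate (empty if it has no SAN)
list_sans() {
  openssl x509 -in "$1" -noout -text \
    | grep -A1 'Subject Alternative Name' | tail -n1 | tr -d ' '
}

# Echo 0 if the certificate chains to the CA and a SAN matches the host, else 1.
# "openssl verify -verify_hostname" applies the same SAN-first matching rules
# that strict clients use, so a CN-only certificate fails this for a SAN-less cert.
check_cert() {
  if openssl verify -CAfile "$WORK/ca.pem" -verify_hostname "$2" "$1" >/dev/null 2>&1
  then echo 0; else echo 1; fi
}

make_certs
echo "SAN present: $(list_sans "$WORK/server.pem")"
echo "match $VPN_HOST: $(check_cert "$WORK/server.pem" "$VPN_HOST")"
echo "match other.example.test: $(check_cert "$WORK/server.pem" other.example.test)"
```

Run the same `check_cert` logic against the real server certificate and CA file to confirm the SAN matches exactly the name entered in the client's VPN profile.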