ChienHung Yang

Q: IKEv2 Configuration local identifier with ASN1DN issue with strongSwan

Hi,

 

I am trying to setup IKEv2 configuration in iOS to connect to our strongSwan server.

Our server's configuration is base on certificate, local identifier (ASN1DN) and remote identifier.

However the configuration is always failed for the vpn connection.

 

We had tried to identify this issue and we found the strongSwan website has already mentioned this issue.

https://wiki.strongswan.org/projects/strongswan/wiki/AppleIKEv2Profile

Known Issues

  • ASN.1 Distinguished Names can't be used as identities because the client currently sends them as identities of type FQDN.

 

As strongSwan has mentioned, it looks like the "identifier_type" this value has different implemented in iOS and strongSwan. So the strongSwan server would not able to handle this.

 

Does anyone encountered this same issue? and any other solution or help would be appreciated!

And btw, if the strongSwan's statement is correct, i could not found any fixing plan in iOS. If there's any link, it is also appreciated to give me to reference.

 

Thanks!

iPhone 6s Plus, iOS 9.3.5

Posted on Sep 2, 2016 2:34 AM