IKEv2 Configuration local identifier with ASN1DN issue with strongSwan

Dears,

Recently we are trying to configure vpn settings for IKEv2 in iOS client to our strongSwan server.

But we have encountered trouble with the local identifer settings between iOS clent and strongSwan server.

It's look there's known issue for identities type as below:

ASN.1 Distinguished Names can't be used as identities because the client currently sends them as identities of type FQDN.

It look like this is a known issue, the iOS client is always sending identities type with FQDN, no matter what content we inputed in the local itentifier.

Then the s t r o n g S w a n sever would have issue handling the type and content not matched.

If my understanding is correct, does iOS going to fix this known issue?

Any help would be appreciate!

Thanks!

keep getting "The message contains invalid characters." when post...

Indeed. DevForums is currently having problems with this; I’ve escalated the issue to the folks responsible.

It look like this is a known issue, the iOS client is always sending identities type with FQDN, no matter what content we inputed in the local itentifier.

Are you trying to set this up programmatically? Or via the UI? If the problem shows up when you’re setting up the VPN via the UI (or a configuration profile), you’d be better off asking your question over in Apple Support Communities, run by AppleCare, and specifically in one of the in Business and Education topic areas, where you’re more likely to connect with folks with direct experience here.

Having said that, I’ve worked with developers who’ve got iOS to connect to StrongSwan just fine. Not sure what they did; setting up VPN servers is not really my forte.

If my understanding is correct, does iOS going to fix this known issue?

We generally can’t comment on future stuff beyond what’s in the currently seeded OS releases. If you have a specific change you’d like to see made, you should file a bug describing the problem.

Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

We are planning to setup programmatically with our vpn setting for IKEv2.

But before jump into programing, we are trying to find correct configuration for IKEv2 with apple configurator 2.

We could setup our iOS to connect to strongSwan server successfully with IPSec configuration and also "IKEv2 with account/password" are successfully. in both programing and apple configurator 2.

But if we want to setup "IKEv2 with certificate and local identifier with ASN1DN", the result is always failed.

Then we found the strongSwan website mentioned below:

- it's the known issue from client side:

ASN.1 Distinguished Names can't be used as identities because the client currently sends them as identities of type FQDN.

(The url link is failed to post here: due to "The message contains invalid characters.")

If you want to find more information, please google "IKEv2 Configuration Profile for Apple iOS 8 and newer - strongSwan", the first result should be the link.

I'll also try to find the anwser from your recommended Apple Support Communities and bug.

Thanks for the help!