Hi,
Since I updated to iOS 10.2 I can't connect to my VPN server. Same configuration is still working totally fine with previous versions of iOS. (e.g. 10.1)
I'm using ikev2 with Strongswan and LetsEncrypt certificate and trying to connect using NEVPNManager.
This is what I got in the console:
- Plugin com.apple.neplugin.IKEv2 does not have a bundle URL
- sendInitCommand: failed to create a com.apple.vpn-plugin sandbox extension for /System/Library/Frameworks/NetworkExtension.framework/PluginIKEv2.vpnplugin
- ikev2_crypto_copy_remote_certificate_authority_array: failed to retrieve remote CA cert data by CN (Let's Encrypt Authority X3)
- Certificate authentication data could not be verified
- Failed to process IKE Auth (EAP) packet
And this is what I got on the server (so it's working fine):
- sending end entity cert "CN=xxxmyvpnxxx.com"
- 16[IKE] sending issuer cert "C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3"
I created same connection manually and it works. The log looks the same, except rows below are absent (so I assume this is main problem):
- ikev2_crypto_copy_remote_certificate_authority_array: failed to retrieve remote CA cert data by CN (Let's Encrypt Authority X3)
- Certificate authentication data could not be verified
- Failed to process IKE Auth (EAP) packet
Edit: I tried to manually install Issuer certificate (Let's Encrypt Authority X3) and connection works now. Can I somehow avoid this limitation? (It seems redundant to add Issuer certificate, because server certificate (xxxmyvpnxxx.com) already contains Issuer certificate and user trusts it)
Could anyone provide any help with this problem?
Thanks, Roman.