Hi, I have a question about IKEv2 personal vpn.
My app is using NEVPNProtocolIKEv2. Setup basically looks like this:
func setupProtocol() throws -> NEVPNProtocolIKEv2 {
let proto = NEVPNProtocolIKEv2()
proto.authenticationMethod = .none
proto.serverAddress = self.domain
proto.identityData = try Data(contentsOf: p12)
proto.identityDataPassword = ...
proto.useExtendedAuthentication = true
proto.serverCertificateCommonName = self.domain
proto.serverCertificateIssuerCommonName = self.issuer
proto.localIdentifier = self.client
proto.remoteIdentifier = self.domain
return proto
}
Since iOS 10.3 I can't connect to my VPN server (Strongswan, certificate signed by Let's Encrypt Authority) without explicitly trust Let's Encrypt Authority through Safari (https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem.txt)
I thought iOS could establish chain of trust via DST Root CA X3 (which is trusted), but seems like it's not true for iOS 10.3.
Is it expected behaviour?
Thanks for any help,
Roman.