NEVPNProtocolIKEv2 behaviour in 10.3

Hi, I have a question about IKEv2 Personal VPN.

My app is using NEVPNProtocolIKEv2. Setup basically looks like this:

    func setupProtocol() throws -> NEVPNProtocolIKEv2 {
        let proto = NEVPNProtocolIKEv2()
        proto.authenticationMethod = .none
        proto.serverAddress = self.domain
        proto.identityData = try Data(contentsOf: p12)
        proto.identityDataPassword = ...
        proto.useExtendedAuthentication = true
        proto.serverCertificateCommonName = self.domain
        proto.serverCertificateIssuerCommonName = self.issuer
        proto.localIdentifier = self.client
        proto.remoteIdentifier = self.domain
        return proto
    }


Since iOS 10.3 I can't connect to my VPN server (Strongswan, certificate signed by Let's Encrypt Authority) without explicitly trusting the Let's Encrypt Authority through Safari (https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem.txt).

I thought iOS could establish a chain of trust via DST Root CA X3 (which is trusted), but it seems like that's not true for iOS 10.3.

Is this expected behaviour?


Thanks for any help,

Roman.

Replies

This isn’t the first report I’ve seen of IKEv2 problems in 10.3. I recommend that you first remove your code from the equation by testing this with a configuration profile. If that reproduces the problem you know that this is nothing to do with your code but is rather a compatibility issue with the OS itself. At that point you should file a bug report and then talk to AppleCare to see if they have any workarounds.

Please post your bug number, just for the record.

Also, if you do file a bug report, make sure to follow the VPN-specific instructions on our Profiles and Logs page.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"
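
The reply above recommends reproducing the setup with a configuration profile. As an added example (not part of the thread and not Apple's code), this Python script builds a `.mobileconfig` whose IKEv2 keys mirror the `NEVPNProtocolIKEv2` properties set in the question; the `com.example.*` identifiers, display names and sample values are placeholders.

```python
import plistlib
import uuid

def _payload(ptype, ident, name, **keys):
    # Keys common to every payload, plus the payload-specific ones.
    return {"PayloadType": ptype, "PayloadVersion": 1, "PayloadIdentifier": ident,
            "PayloadUUID": str(uuid.uuid4()).upper(), "PayloadDisplayName": name, **keys}

def build_ikev2_profile(domain, issuer_cn, client_id, p12_bytes, p12_password):
    """Return .mobileconfig bytes mirroring the NEVPNProtocolIKEv2 setup in the question."""
    identity = _payload("com.apple.security.pkcs12", "com.example.vpntest.identity",
                        "VPN client identity",
                        PayloadContent=p12_bytes,   # identityData
                        Password=p12_password)      # identityDataPassword
    vpn = _payload("com.apple.vpn.managed", "com.example.vpntest.vpn", "IKEv2 test",
                   UserDefinedName="IKEv2 profile test", VPNType="IKEv2",
                   IKEv2={
                       "RemoteAddress": domain,          # serverAddress
                       "LocalIdentifier": client_id,     # localIdentifier
                       "RemoteIdentifier": domain,       # remoteIdentifier
                       "AuthenticationMethod": "None",   # authenticationMethod = .none
                       "ExtendedAuthEnabled": 1,         # useExtendedAuthentication = true
                       # Links the VPN payload to the identity payload above.
                       "PayloadCertificateUUID": identity["PayloadUUID"],
                       "ServerCertificateCommonName": domain,
                       "ServerCertificateIssuerCommonName": issuer_cn,
                   })
    profile = _payload("Configuration", "com.example.vpntest", "IKEv2 repro profile",
                       PayloadContent=[identity, vpn])
    return plistlib.dumps(profile)

if __name__ == "__main__":
    # Constructed sample values; substitute the real PKCS#12 bytes and names before installing.
    data = build_ikev2_profile("vpn.example.com", "Example Issuer CN", "client.example.com",
                               b"placeholder, not a real PKCS#12", "placeholder-password")
    print(data.decode())
```

The generated file carries the client private key and its password in the clear, so handle it like the `.p12` itself and delete it after the test.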