IPSEC with IPhone issue

Dear all,
I got a new iPhone (iOS 15.6.1) and am trying to establish a new IPsec VPN connection on it.
My IPFire is on #171.
I went through this wiki.ipfire.org - Roadwarrior with Apple macOS & iOS
to set it up.
My hostname is ipfire.localdomain, which I entered as @ipfire.localdomain under “Local ID”.
Under Remote ID I put @iphone.
I also used this name in the system host name and in the Subject Alt Name as "DNS:iphone".
The local subnet and DNS are set as appropriate, and the advanced settings as in the wiki.
Because I use a dyndns service, I sent the root and p12 certificates to the iPhone,
installed them and set up a new connection with
Server: dyndns.my-domain.de
Remote ID: ipfire.localdomain
Local ID: iphone
and chose the appropriate certificate.

As a result I got on the iPhone: VPN Connection, An unexpected error occurred
In the IPsec log I got:

11:08:56 charon: 05[CFG] no matching peer config found
11:08:56 charon: 05[CFG] ignore candidate 'iphone' without matching IKE proposal
11:08:56 charon: 05[CFG] candidate "iphone", match: 20/20/28 (me/other/ike)
11:08:56 charon: 05[CFG] looking for peer configs matching 87.177.154.45[ipfire.unkel]...80.187.74.249[iphone]

Any help is appreciated

The link posted above is an old link from 2020. There have been a few Wiki updates since then.

Use this page to help understand IPsec:

And this Wiki page for iPhone:

The Local ID: is actually the Internet address. The one you set up: dyndns.my-domain.de

If you continue to experience issues, please post a picture of your IPsec page. Feel free to redact the my-domain (or anything else).


Thanks for the guidance.
Unfortunately no success. Here are my settings:



I uploaded the CA and the .p12 file and set up the profile with a name. As the server I used the dyndns, the remote ID “iphs2”, the local ID “dyndns…de”, and chose the certificate.
As a result I got “VPN connection, an unexpected error occurred”.
The log showed me:


Any thoughts on what is wrong there?

Thank you for sending the images. That makes things much easier!

In the IPsec > Global Settings the Host-to-Net Endpoint: should include your dyndns.my-domain.de. (do not include the @ prefix).

see:

I made the change, deleted the connection and set it up again. However I still get no connection. Here is the log

On the iPhone I set up:
Server: dyndns…de
Remote ID: dyndns…de
Local ID: ip2hs

Where is my mistake?

Solved. The following settings worked for me:



Then send the CA certificate and the .p12 certificate to the phone.
Under Settings → General → VPN, install both certificates one after the other.
Under VPN, add a new connection with
Description: e.g. my VPN
Server: Endpoint dyndns server FQDN
Remote ID: ipfire.unkel (internal FQDN of the IPFire)
Local ID: myphone@mail.unkel (as in the certificate settings)
Authentication:
User-Auth: none !
Certificate: ON !
Certificate: choose imported user cert
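
Added example (not written by any poster in this thread and not IPFire's own code): a small Python triage of the charon lines quoted in the first post, separating a failed ID lookup from a candidate that was dropped for its IKE proposal. The sample log is constructed from those lines; the function name `triage` and the diagnosis strings are made up for illustration.

```python
import re

# Constructed sample: the four charon lines quoted in the first post,
# one per line, with the wrapped peer address rejoined.
SAMPLE_LOG = """\
11:08:56 charon: 05[CFG] no matching peer config found
11:08:56 charon: 05[CFG] ignore candidate 'iphone' without matching IKE proposal
11:08:56 charon: 05[CFG] candidate "iphone", match: 20/20/28 (me/other/ike)
11:08:56 charon: 05[CFG] looking for peer configs matching 87.177.154.45[ipfire.unkel]...80.187.74.249[iphone]
"""

# Lookup line format: <local addr>[<local ID>]...<peer addr>[<peer ID>]
LOOKUP = re.compile(r"looking for peer configs matching (\S+?)\[(.+?)\]\.\.\.(\S+?)\[(.+?)\]")
CANDIDATE = re.compile(r'candidate "([^"]+)", match: (\d+)/(\d+)/(\d+)')
IGNORED = re.compile(r"ignore candidate '([^']+)' without matching IKE proposal")
NO_MATCH = "no matching peer config found"


def triage(log_text):
    """Summarise one failed peer-config lookup; line order does not matter."""
    result = {"local_id": None, "remote_id": None, "candidates": [],
              "proposal_rejected": [], "failed": False,
              "diagnosis": "no failure logged"}
    for line in log_text.splitlines():
        if m := LOOKUP.search(line):
            result["local_id"], result["remote_id"] = m.group(2), m.group(4)
        elif m := CANDIDATE.search(line):
            result["candidates"].append(m.group(1))
        elif m := IGNORED.search(line):
            result["proposal_rejected"].append(m.group(1))
        elif NO_MATCH in line:
            result["failed"] = True
    if result["failed"]:
        if not result["candidates"]:
            result["diagnosis"] = "no connection matched the addresses/IDs in the lookup line"
        elif set(result["candidates"]) <= set(result["proposal_rejected"]):
            result["diagnosis"] = "IDs matched, but every candidate was dropped for its IKE proposal"
        else:
            result["diagnosis"] = "candidates found but none selected; check the surrounding lines"
    return result


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

For the sample above it reports that the connection named iphone was found by its IDs and then dropped for its IKE proposal.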