Ipsec ikev2 ios connection

bradlay

Hi,

I have a configuration working within IPSec for mobile clients (IOS8 specifically) that only works when I manually enter 'leftsendcert=yes' to ipsec.conf

My question is, for IKEv2 configuration via the GUI, is there a combination that would get this value into ipsec.conf?


config setup
        uniqueids = never
        charondebug=""

conn bypasslan
        leftsubnet = 192.168.1.1/32
        rightsubnet = 192.168.1.0/24
        authby = never
        type = passthrough
        auto = route

conn con1
        fragmentation = yes
        keyexchange = ikev2
        reauth = yes
        forceencaps = no
        mobike = yes
        rekey = yes
        installpolicy = yes
        type = tunnel
        dpdaction = clear
        dpddelay = 10s
        dpdtimeout = 60s
        auto = add
        left = 192.168.0.126
        right = %any
        leftid = 192.168.0.126
        ikelifetime = 28800s
        lifetime = 3600s
        rightsourceip = 192.168.100.0/24
        ike = aes256-sha256-modp1024!
        esp = aes256-sha256,aes256-sha384,aes256-sha512,aes192-sha256,aes192-sha384,aes192-sha512,aes128-sha256,aes128-sha384,aes128-sha512!
        leftauth = pubkey
        rightauth = pubkey
        leftcert=/var/etc/ipsec/ipsec.d/certs/cert-1.crt
        leftsubnet = 0.0.0.0/0
        leftsendcert = always

Any suggestions?
![Screen Shot 2015-06-07 at 9.31.05 AM.png](/public/imported_attachments/1/Screen Shot 2015-06-07 at 9.31.05 AM.png)
![Screen Shot 2015-06-07 at 9.31.05 AM.png_thumb](/public/imported_attachments/1/Screen Shot 2015-06-07 at 9.31.05 AM.png_thumb)