V. VPN (Virtual Private Networking)

How to fix SSL VPN connection error after upgrading to iOS 13 and macOS 10.15

Products:
Vigor 2960
Vigor 3900
Keywords:
Apple
Certificate
Mac
TrustedCA
Show all

Apple has changed their certificate security requirements, and it affects the SmartVPN app on iOS13 and macOS 10.15 to create a connection if the Vigor VPN servers are using Self-Signed Certificate. To meet the new security policy of Apple, we can regenerate a new Self-Signed Certificate. In this article we are going to look at how to do this on our Linux devices such as the Vigor 3900 and Vigor 2960.

Please follow these steps to regenerate self-signed certificate

1. Navigate to [System Maintenance] > [Time and Date]  to make sure the router's time settings are correct, and it's better to match the client's time zone. Because when authenticating the server's identity, the client will check if the current time and date are within the server certificate’s validity period.

IosCert TimeDate

2. Navigate to [Certificate Management] > [Trusted CA], click Build Root CA, fill out all of the information , select Key Size as 2048 and apply the settings

iosCert trustedCA

3.Go to [Certificate Management] > [Local Certificate], then click Generate

a. Select ID Type as either Domain Name or IP address, depends on which one will the VPN client used for connecting to the server.
b. Type ID Value as the domain name or IP address of the router. It should be the IP address or domain name which VPN clients use for their Server settings.
c. Fill out all the information
d. Select "Enable" for Self Sign
e. Enter CA Key Passphrase to match the CA Key Passphrase of Root CA
f. Click Apply to finish

IosCert localcert

4. Go to [System Maintenance] > [Access Control] > [Access Control] and select the local certificate created for Server Certificate, then click Apply to save.

IosCert AccessControl

5. After the above configuration, the SmartVPN on iOS13 can connect successfully.


How do you rate this article?

1 1 1 1 1 1 1 1 1 1