Download Surfshark Ikev2 Certificate
Jorgelina Celli
Everything looks fine until at response 5 I get some weird certificate. I don't know how exactly the PEAP protocol goes, and what is supposed to happen on that step, but the connection works on windows, so I assume there is a problem on my end.
Apparently, the certificate of the RADIUS server that requested EAP-PEAP has expired, but the subject with all that "example" stuff looks weird anyway (unless you modified that). Why Windows would accept that, if it actually uses EAP-PEAP, I don't know.
Is it possible to maybe download an older or custom client for surfshark? I can't do much without it, as all other VPNs won't work on the network. The only other option I have is VPN over SSH, but surfshark doesn't seem to support that, either.
When you perform any of these procedures, we recommend that you Connect to a Device with WatchGuard System Manager so Policy Manager can download the list of currently installed certificates. If you save changes from a local configuration file and the new settings do not match the certificates on the Firebox, your Firebox may not operate correctly.
AppEsteem discovered that all six of the listed VPNs installed their own root certificate. A root certificate is an important component in cryptography and encryption, essentially proving the validity of an encryption key. Because a root certificate is self-signed, the most trusted ones are issued by established certificate authorities (CA).
Manual connection setup
1. First, download the NordVPN IKEv2 certificate to your macOS. The easiest way is to click this link on your macOS device.
Once downloaded, open the certificate file in the Downloads folder.
4. Under When using this certificate, set the IP Security (IPSec) and Extensible Authentication (EAP) fields to Always Trust. Leave all other fields as Never Trust. You will have to enter your Mac password to make these changes. Once done, close the keychain.
5. Click on the Apple logo in the upper-right corner of the screen and select System Preferences....
An IKEv2 server requires a certificate to identify itself to clients. To help create the required certificate, the strongswan-pki package comes with a utility called pki to generate a Certificate Authority and server certificates.
The --flag serverAuth option is used to indicate that the certificate will be used explicitly for server authentication, before the encrypted tunnel is established. The --flag ikeIntermediate option is used to support older macOS clients.
There are multiple ways to import the root certificate and configure Windows to connect to a VPN. The first method uses graphical tools for each step. The second method uses PowerShell commands, which can be scripted and modified to suit your VPN configuration.
To import the root CA certificate using PowerShell, first open a PowerShell prompt with administrator privileges. To do so, right click the Start menu icon and select Windows PowerShell (Admin). You can also open a command prompt as administrator and type powershell.
Your VPN service providers often ask their users to install their Certificate Authority root certificate (or they just do it for them as part of their installation process.) Any CA installed on the operating system level is implicitly trusted to vouch for any website, email server, app, etc. that has been signed by it.
You can look for a VPN service provider that support IKEv2 EAP/PEAP username/password authentication without requiring you to install a root certificate. Look in their knowledge base/customer support portal for manual IKEv2 setup instructions for your operating system and scan for mentions of installing any certificates.
I have tried all addresses I used to link to frequently, and the ip address given above, i.e., 154.47.23.100, but none of them work now. Do you have any substitutes for openvpn to make surfshark work, or do you have a better choice of VPN with a low price? I will appreciate it if you give me any advice. Thank you very much.
Am I the only one having issues with surfshark (shadowsocks) on mobile phone? Recently all of my connections are down (4 android + 4 ios), I use the exact same setup on PC and MAC they work flawlessly. I then deleted the shadowsocks app (android) and scanned the qr code from PC client still getting bad results. On the same app I have other profiles from my own VPS and they also work with no issue. So I assume this is a problem from surfshark servers? or anyone else having the same problem? Cheers
760c119bf3