<blockquote type="cite">Mark, here is a conn that I use and it works
perfectly for Mac:</blockquote><blockquote type="cite">config
setup</blockquote><blockquote type="cite">       
uniqueids=never</blockquote><blockquote type="cite">     
  charondebug="cfg 2, dmn 2, ike 2, net
2"</blockquote><blockquote type="cite"><br />
</blockquote><blockquote type="cite">conn %default</blockquote><blockquote
type="cite">       
fragmentation=force</blockquote><blockquote type="cite">   
    keyexchange=ike</blockquote><blockquote type="cite"> 
     
ike=aes128-sha256-ecp256,aes256-sha384-ecp384,aes128-sha256-modp2048,aes128-sha1-modp2048,aes256-sha384-modp4096,aes256-sha256-modp4096,aes256-sha1-modp4096,aes128-sha256-modp1536,aes128-sha1-modp1536,aes256-sha384-modp2048,aes256-sha256-modp2048,aes256-sha1-modp2048,aes128-sha256-modp1024,aes128-sha1-modp1024,aes256-sha384-modp1536,aes256-sha256-modp1536,aes256-sha1-modp1536,aes256-sha384-modp1024,aes256-sha256-modp1024,aes256-sha1-modp1024!</blockquote><blockquote
type="cite">       
esp=aes128gcm16-ecp256,aes256gcm16-ecp384,aes128-sha256-ecp256,aes256-sha384-ecp384,aes128-sha256-modp2048,aes128-sha1-modp2048,aes256-sha384-modp4096,aes256-sha256-modp4096,aes256-sha1-modp4096,aes128-sha256-modp1536,aes128-sha1-modp1536,aes256-sha384-modp2048,aes256-sha256-modp2048,aes256-sha1-modp2048,aes128-sha256-modp1024,aes128-sha1-modp1024,aes256-sha384-modp1536,aes256-sha256-modp1536,aes256-sha1-modp1536,aes256-sha384-modp1024,aes256-sha256-modp1024,aes256-sha1-modp1024,aes128gcm16,aes256gcm16,aes128-sha256,aes128-sha1,aes256-sha384,aes256-sha256,aes256-sha1!</blockquote><blockquote
type="cite">       
dpdaction=clear</blockquote><blockquote type="cite">     
  dpddelay=300s</blockquote><blockquote type="cite">   
    rekey=no</blockquote><blockquote type="cite">   
    left=%any</blockquote><blockquote type="cite">   
    leftsubnet=0.0.0.0/0</blockquote><blockquote
type="cite">        right=%any</blockquote><blockquote
type="cite">        rightdns=[add your
ip]</blockquote><blockquote type="cite">       
rightsourceip=[add your ip]</blockquote><blockquote type="cite"><br />
</blockquote><blockquote type="cite">conn mac</blockquote><blockquote
type="cite">       
authby=xauthpsk</blockquote><blockquote type="cite">     
  xauth=server</blockquote><blockquote type="cite">   
    left=%defaultroute</blockquote><blockquote
type="cite">        auto=add</blockquote><blockquote
type="cite">       
aggressive=no</blockquote><blockquote type="cite">     
  lifetime=24h</blockquote><blockquote type="cite">   
    ikelifetime=240h</blockquote><blockquote type="cite"> 
      reauth=yes</blockquote><blockquote type="cite"><br
type="_moz" />
</blockquote><blockquote type="cite"><br type="_moz" />
</blockquote><blockquote type="cite"><br type="_moz" />
</blockquote><blockquote type="cite"><span style="font-family: 'Lucida
Grande';">Hi,<br />
<br />
New to strongSwan. Does the native Mac OS X app only do IKEv2 EAP?<br />
<br />
I have a requirement to do machine-based auth and getting a little
confused<br />
about what to add or take away from the example on the wiki, so if
anyone<br />
has an example configuration profile that I could potentially push out
to<br />
my Macs, I'd be extremely grateful!<br />
<br />
Thanks in advance,<br />
<br />
Mark</span></blockquote>