<div dir="ltr">Got it sorted out.<div><br></div><div>If anyone is interested, the AuthenticationMethod is the local and remote Auth methods, but, if ExtendedAuthEnabled is 1, then AuthenticationMethod is the remote end Auth while the Local end uses EAP(XAUTH) for authentication</div><div><br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Jan 13, 2020 at 2:28 PM Felipe Arturo Polanco <<a href="mailto:felipeapolanco@gmail.com">felipeapolanco@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hello,<div><br></div><div>I'm trying to set up a strongswan client for an IKEv2 server that works fine over Mac OS.</div><div><br></div><div>They provide this mobileconfig setting but I'm confused since they are using PSK and Username+password at the same time, does Mac OS X support multiple authentication rounds in IKEv2? </div><div>How would this file translate to a swanctl config?</div><div><br></div><div><key>IKEv2</key><br>        <dict><br>          <key>RemoteIdentifier</key><br>          <string><a href="http://myvpn.com" target="_blank">myvpn.com</a></string><br>          <key>AuthenticationMethod</key><br>          <string>SharedSecret</string><br>          <key>SharedSecret</key><br>          <string>00000000</string><br>          <key>LocalIdentifier</key><br>          <string>john003</string><br>          <key>RemoteAddress</key><br>          <string><a href="http://myvpn.com" target="_blank">myvpn.com</a></string><br>          <key>ExtendedAuthEnabled</key><br>          <integer>1</integer><br>          <key>AuthName</key><br>          <string>john003</string><br>          <key>AuthPassword</key><br>          <string>changeme</string><br></div><div><br></div><div>Thanks,</div></div>
</blockquote></div>