[strongSwan] OS X/iOS clients with XAUTH

Brian Mastenbrook brian at mastenbrook.net
Sat Feb 2 21:49:30 CET 2013


Hello,

Is anyone successfully using StrongSwan 5.x with OS X/iOS clients using "Cisco IPsec" (XAUTH + tunnel mode)? I'm finding that clients drop after 45 minutes because the client wants to rekey, but doesn't expect to have to perform XAUTH authentication again. I found a recent issue report (http://wiki.strongswan.org/issues/260), and a patch for pluto (https://lists.strongswan.org/pipermail/users/2011-September/006613.html) to work around the issue, but I'm at a bit of a loss as to how to proceed with charon. Apple does not regard this as a bug in OS X and is not intending on fixing the behavior. Is this possible to accomplish with charon, or if not, is it straightforward to implement? I dug into the source a little and wasn't sure where to begin.

Thanks,

--
Brian Mastenbrook
brian at mastenbrook.net
http:/brian.mastenbrook.net/





More information about the Users mailing list