[strongSwan] setting up a mac os x client

[Cindy Moore]

Oh, thanks for the hint on the xauth-noauth workaround.  I don't want
to use username/passwords unless I hook it into our ldap, but
recompiling everything with the xauth-pam configuration enabled isn't
high on my list.

One question about compiling it, on the
https://wiki.strongswan.org/projects/strongswan/wiki/InstallationDocumentation
page, it says (Under Building StrongSwan, step #3)

Configure strongSwan using some of the options above:

 ./configure --prefix=/usr --sysconfdir=/etc --<your-options>

There are no "options above".  Also, what is the standard options list
configuration?  It seems to me that if one is interested in adding an
option, they should have
the original compile (configure) directive to refer to so they can
simply add the extra option in without unknowingly deleting options
that are standard (if any).


On Wed, Dec 10, 2014 at 1:26 AM, Martin Willi <martin at strongswan.org> wrote:
> Hi Cindy,
>
>> I've been reading through this [AppleIKEv2Profile] and particularly
>> the Certificate section. Assuming I have a 10.10 and above, is this
>> what I need to do to setup a vpn client??
>
> Unfortunately, despite some other information floating around, OS X
> 10.10 does not support IKEv2 and the associated configuration profiles.
> This is supported in iOS 8+ only, and I've updated the Wiki page
> accordingly.
>
> For OS X, you'll have to stick to IKEv1 with XAuth if you want to use
> the native client [1]. If you want to use certificate authentication
> only, you need to configure the connection through (IKEv1) configuration
> profiles. Alternatively you may use the xauth-noauth plugin to use a
> dummy XAuth round and just rely on certificate authentication.
>
> You can also try the strongSwan IKEv2 OS X App [2], but it currently
> supports EAP username/password authentication only.
>
> Regards
> Martin
>
> [1]https://wiki.strongswan.org/projects/strongswan/wiki/IOS_(Apple)
> [2]http://download.strongswan.org/osx/
>