[strongSwan] setting up a mac os x client
ctmoore at cs.ucsd.edu
Wed Dec 10 20:44:32 CET 2014
(Ah, I finally see that the "options above" means the "Autoconf
Biting the bullet and compiling, since *both* options I'd really like
to check out have to be enabled at compilation time. After running
./configure --prefix=/usr --sysconfdir=/etc --enable-xauth-pam
I eventually get
strongSwan will be built with the following plugins
libstrongswan: aes des rc2 sha1 sha2 md5 random nonce x509 revocation
constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem
fips-prf gmp xcbc cmac hmac
libcharon: socket-default stroke updown xauth-generic xauth-pam xauth-noauth
libhydra: attr kernel-netlink resolve
I assume all the options that are enabled by default (as per
On Wed, Dec 10, 2014 at 7:53 AM, Cindy Moore <ctmoore at cs.ucsd.edu> wrote:
> Oh, thanks for the hint on the xauth-noauth workaround. I don't want
> to use username/passwords unless I hook it into our ldap, but
> recompiling everything with the xauth-pam configuration enabled isn't
> high on my list.
> One question about compiling it, on the
> page, it says (Under Building StrongSwan, step #3)
> Configure strongSwan using some of the options above:
> ./configure --prefix=/usr --sysconfdir=/etc --<your-options>
> There are no "options above". Also, what is the standard options list
> configuration? It seems to me that if one is interested in adding an
> option, they should have
> the original compile (configure) directive to refer to so they can
> simply add the extra option in without unknowingly deleting options
> that are standard (if any).
> On Wed, Dec 10, 2014 at 1:26 AM, Martin Willi <martin at strongswan.org> wrote:
>> Hi Cindy,
>>> I've been reading through this [AppleIKEv2Profile] and particularly
>>> the Certificate section. Assuming I have a 10.10 and above, is this
>>> what I need to do to set up a vpn client??
>> Unfortunately, despite some other information floating around, OS X
>> 10.10 does not support IKEv2 and the associated configuration profiles.
>> This is supported in iOS 8+ only, and I've updated the Wiki page
>> For OS X, you'll have to stick to IKEv1 with XAuth if you want to use
>> the native client. If you want to use certificate authentication
>> only, you need to configure the connection through (IKEv1) configuration
>> profiles. Alternatively you may use the xauth-noauth plugin to use a
>> dummy XAuth round and just rely on certificate authentication.
>> You can also try the strongSwan IKEv2 OS X App, but it currently
>> supports EAP username/password authentication only.
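
The two XAuth backends discussed in this thread, as an added ipsec.conf sketch (not from the original messages or the strongSwan wiki). The connection name, certificate file name and address pool are placeholders, and it assumes a build that lists xauth-noauth and xauth-pam under libcharon, as in the configure output above.

```conf
# /etc/ipsec.conf -- constructed example; all names and addresses are placeholders
conn osx-ikev1
    keyexchange=ikev1              # native OS X 10.10 client: IKEv1 only
    left=%any
    leftauth=pubkey
    leftcert=gatewayCert.pem       # placeholder gateway certificate
    leftsubnet=0.0.0.0/0
    right=%any
    rightauth=pubkey               # first round: client certificate
    rightsourceip=10.10.10.0/24    # placeholder virtual IP pool
    # Second round, pick exactly one:
    rightauth2=xauth-noauth        # dummy XAuth round, nothing is verified
    # rightauth2=xauth-pam         # XAuth username/password checked through PAM
    auto=add
```

With xauth-noauth the XAuth credentials the client sends are not checked, so access control rests entirely on which certificates the gateway trusts and on revocation being kept current.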