[strongSwan] setting up a mac os x client

Cindy Moore ctmoore at cs.ucsd.edu
Wed Dec 10 20:44:32 CET 2014

(Ah, I finally see that the "options above" means the "Autoconf
options above"...)

Biting the bullet and compiling, since *both* options I'd really like
to check out have to be enabled at compilation time.  After running

./configure --prefix=/usr --sysconfdir=/etc --enable-xauth-pam

I eventually get

 strongSwan will be built with the following plugins
libstrongswan: aes des rc2 sha1 sha2 md5 random nonce x509 revocation
constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem
fips-prf gmp xcbc cmac hmac
libcharon:     socket-default stroke updown xauth-generic xauth-pam xauth-noauth
libhydra:      attr kernel-netlink resolve

I assume all the options that are enabled by default (as per
https://wiki.strongswan.org/projects/strongswan/wiki/PluginList) are
still enabled?

On Wed, Dec 10, 2014 at 7:53 AM, Cindy Moore <ctmoore at cs.ucsd.edu> wrote:
> Oh, thanks for the hint on the xauth-noauth workaround.  I don't want
> to use username/passwords unless I hook it into our ldap, but
> recompiling everything with the xauth-pam configuration enabled isn't
> high on my list.
> One question about compiling it, on the
> https://wiki.strongswan.org/projects/strongswan/wiki/InstallationDocumentation
> page, it says (Under Building StrongSwan, step #3)
> Configure strongSwan using some of the options above:
>  ./configure --prefix=/usr --sysconfdir=/etc --<your-options>
> There are no "options above".  Also, what is the standard options list
> configuration?  It seems to me that if one is interested in adding an
> option, they should have
> the original compile (configure) directive to refer to so they can
> simply add the extra option in without unknowingly deleting options
> that are standard (if any).
> On Wed, Dec 10, 2014 at 1:26 AM, Martin Willi <martin at strongswan.org> wrote:
>> Hi Cindy,
>>> I've been reading through this [AppleIKEv2Profile] and particularly
>>> the Certificate section. Assuming I have a 10.10 and above, is this
>>> what I need to do to setup a vpn client??
>> Unfortunately, despite some other information floating around, OS X
>> 10.10 does not support IKEv2 and the associated configuration profiles.
>> This is supported in iOS 8+ only, and I've updated the Wiki page
>> accordingly.
>> For OS X, you'll have to stick to IKEv1 with XAuth if you want to use
>> the native client [1]. If you want to use certificate authentication
>> only, you need to configure the connection through (IKEv1) configuration
>> profiles. Alternatively you may use the xauth-noauth plugin to use a
>> dummy XAuth round and just rely on certificate authentication.
>> You can also try the strongSwan IKEv2 OS X App [2], but it currently
>> supports EAP username/password authentication only.
>> Regards
>> Martin
>> [1]https://wiki.strongswan.org/projects/strongswan/wiki/IOS_(Apple)
>> [2]http://download.strongswan.org/osx/

More information about the Users mailing list