[strongSwan] questions on mac os x

Cindy Moore ctmoore at cs.ucsd.edu
Fri Sep 19 05:32:28 CEST 2014


Hi, I've been going over
https://wiki.strongswan.org/projects/strongswan/wiki/MacOSX
which looks pretty recently updated with refs to iOS 8 and all.  I
have several questions about what it says?

"We recently released a native application for Mac OS X 10.7 and
newer. It allows easy road-warrior access in a similar fashion as the
NetworkManager integration does on Linux."

So this is a strongswan vpn client?

The most recent release can be found on http://download.strongswan.org/osx."

Are there instructions anywhere for installing this? If it seems
obvious, please forgive me, I'm a linux person through and through.
Plus it looks like there's two different things here, do I need both
or one or the other and some are zip files, some are bz2 and there's
no helpful thing like "to install, just do sudo apt-get install <some
package>" equivalent here.

"Currently supported are IKEv2 connections using EAP-MSCHAPv2 or
EAP-MD5 client authentication"

I'm not clear if I can do RSA cert only connections? Mac OSX's native
vpn client allowed me to specify just certificates on both ends.
Something generally like (I know it needs tweaking, the mac won't yet
accept it):

conn roadwarrior
  keyexchange=ikev2
  leftauth=pubkey
  right=%any
  rightid=%any
  rightauth=pubkey
  auto=add

(there are more defs in the default conn)

More generally, is this page talking only about Mac OS X as a
strongswan vpn *server*
or as both a client and as a server?  Particularly the latter half of
the page discusses compiling and installing strongswan, but the
remarks at the top half (which I quoted above) where it talks about
the netmanager linux plugin, sound like it's talking about Mac OS X as
a client to a vpn server.

Thanks for any clearing up on these points.


More information about the Users mailing list