[strongSwan] questions on mac os x
Cindy Moore
ctmoore at cs.ucsd.edu
Fri Sep 19 05:41:28 CEST 2014
Oh, also regarding this page:
https://wiki.strongswan.org/projects/strongswan/wiki/IOS_(Apple)
I presume the conn ios example shown here works for Mac OS X as well?
Is there any recommended conn configuration for Apples
with ikev2 ?
eg:
conn ios
keyexchange=ikev1
authby=xauthrsasig
xauth=server
left=%defaultroute
leftsubnet=0.0.0.0/0
leftfirewall=yes
leftcert=serverCert.pem
right=%any
rightsubnet=10.0.0.0/24
rightsourceip=10.0.0.2
rightcert=clientCert.pem
pfs=no
auto=add
On Thu, Sep 18, 2014 at 8:32 PM, Cindy Moore <ctmoore at cs.ucsd.edu> wrote:
> Hi, I've been going over
> https://wiki.strongswan.org/projects/strongswan/wiki/MacOSX
> which looks pretty recently updated with refs to iOS 8 and all. I
> have several questions about what it says?
>
> "We recently released a native application for Mac OS X 10.7 and
> newer. It allows easy road-warrior access in a similar fashion as the
> NetworkManager integration does on Linux."
>
> So this is a strongswan vpn client?
>
> The most recent release can be found on http://download.strongswan.org/osx."
>
> Are there instructions anywhere for installing this? If it seems
> obvious, please forgive me, I'm a linux person through and through.
> Plus it looks like there's two different things here, do I need both
> or one or the other and some are zip files, some are bz2 and there's
> no helpful thing like "to install, just do sudo apt-get install <some
> package>" equivalent here.
>
> "Currently supported are IKEv2 connections using EAP-MSCHAPv2 or
> EAP-MD5 client authentication"
>
> I'm not clear if I can do RSA cert only connections? Mac OSX's native
> vpn client allowed me to specify just certificates on both ends.
> Something generally like (I know it needs tweaking, the mac won't yet
> accept it):
>
> conn roadwarrior
> keyexchange=ikev2
> leftauth=pubkey
> right=%any
> rightid=%any
> rightauth=pubkey
> auto=add
>
> (there are more defs in the default conn)
>
> More generally, is this page talking only about Mac OS X as a
> strongswan vpn *server*
> or as both a client and as a server? Particularly the latter half of
> the page discusses compiling and installing strongswan, but the
> remarks at the top half (which I quoted above) where it talks about
> the netmanager linux plugin, sound like it's talking about Mac OS X as
> a client to a vpn server.
>
> Thanks for any clearing up on these points.
More information about the Users
mailing list