[strongSwan] questions on mac os x

Cindy Moore ctmoore at cs.ucsd.edu
Fri Sep 19 05:41:28 CEST 2014


Oh, also regarding this page:
https://wiki.strongswan.org/projects/strongswan/wiki/IOS_(Apple)

I presume the conn ios example shown here works for Mac OS X as well?
Is there any recommended conn configuration for Apples
with ikev2?

e.g.:

conn ios
        keyexchange=ikev1
        authby=xauthrsasig
        xauth=server
        left=%defaultroute
        leftsubnet=0.0.0.0/0
        leftfirewall=yes
        leftcert=serverCert.pem
        right=%any
        rightsubnet=10.0.0.0/24
        rightsourceip=10.0.0.2
        rightcert=clientCert.pem
        pfs=no
        auto=add

On Thu, Sep 18, 2014 at 8:32 PM, Cindy Moore <ctmoore at cs.ucsd.edu> wrote:
> Hi, I've been going over
> https://wiki.strongswan.org/projects/strongswan/wiki/MacOSX
> which looks pretty recently updated with refs to iOS 8 and all.  I
> have several questions about what it says.
>
> "We recently released a native application for Mac OS X 10.7 and
> newer. It allows easy road-warrior access in a similar fashion as the
> NetworkManager integration does on Linux."
>
> So this is a strongswan vpn client?
>
> "The most recent release can be found on http://download.strongswan.org/osx."
>
> Are there instructions anywhere for installing this? If it seems
> obvious, please forgive me, I'm a linux person through and through.
> Plus it looks like there's two different things here, do I need both
> or one or the other and some are zip files, some are bz2 and there's
> no helpful thing like "to install, just do sudo apt-get install <some
> package>" equivalent here.
>
> "Currently supported are IKEv2 connections using EAP-MSCHAPv2 or
> EAP-MD5 client authentication"
>
> I'm not clear if I can do RSA cert only connections? Mac OSX's native
> vpn client allowed me to specify just certificates on both ends.
> Something generally like (I know it needs tweaking, the mac won't yet
> accept it):
>
> conn roadwarrior
>   keyexchange=ikev2
>   leftauth=pubkey
>   right=%any
>   rightid=%any
>   rightauth=pubkey
>   auto=add
>
> (there are more defs in the default conn)
>
> More generally, is this page talking only about Mac OS X as a
> strongswan vpn *server*
> or as both a client and as a server?  Particularly the latter half of
> the page discusses compiling and installing strongswan, but the
> remarks at the top half (which I quoted above) where it talks about
> the netmanager linux plugin, sound like it's talking about Mac OS X as
> a client to a vpn server.
>
> Thanks for any clearing up on these points.

