[strongSwan] questions on mac os x

Cindy Moore ctmoore at cs.ucsd.edu
Fri Sep 19 05:41:28 CEST 2014

Oh, also regarding this page:

I presume the conn ios example shown here works for Mac OS X as well?
Is there any recommended conn configuration for Apples
with ikev2 ?


conn ios

On Thu, Sep 18, 2014 at 8:32 PM, Cindy Moore <ctmoore at cs.ucsd.edu> wrote:
> Hi, I've been going over
> https://wiki.strongswan.org/projects/strongswan/wiki/MacOSX
> which looks pretty recently updated with refs to iOS 8 and all.  I
> have several questions about what it says?
> "We recently released a native application for Mac OS X 10.7 and
> newer. It allows easy road-warrior access in a similar fashion as the
> NetworkManager integration does on Linux."
> So this is a strongswan vpn client?
> The most recent release can be found on http://download.strongswan.org/osx."
> Are there instructions anywhere for installing this? If it seems
> obvious, please forgive me, I'm a linux person through and through.
> Plus it looks like there's two different things here, do I need both
> or one or the other and some are zip files, some are bz2 and there's
> no helpful thing like "to install, just do sudo apt-get install <some
> package>" equivalent here.
> "Currently supported are IKEv2 connections using EAP-MSCHAPv2 or
> EAP-MD5 client authentication"
> I'm not clear if I can do RSA cert only connections? Mac OSX's native
> vpn client allowed me to specify just certificates on both ends.
> Something generally like (I know it needs tweaking, the mac won't yet
> accept it):
> conn roadwarrior
>   keyexchange=ikev2
>   leftauth=pubkey
>   right=%any
>   rightid=%any
>   rightauth=pubkey
>   auto=add
> (there are more defs in the default conn)
> More generally, is this page talking only about Mac OS X as a
> strongswan vpn *server*
> or as both a client and as a server?  Particularly the latter half of
> the page discusses compiling and installing strongswan, but the
> remarks at the top half (which I quoted above) where it talks about
> the netmanager linux plugin, sound like it's talking about Mac OS X as
> a client to a vpn server.
> Thanks for any clearing up on these points.

More information about the Users mailing list