[strongSwan] Some IKEv2 questions

Martin Willi martin at strongswan.org
Wed Mar 4 11:47:20 CET 2015


Kindly asking to keep the discussion on the list, thanks.

> > IKEv2 supports certificate authentication without EAP, which is much
> > simpler and faster.
> 
> Would I be able to do this with the StrongSwan applet for Mac OS X ? 

No, the strongSwan OS X App currently supports EAP-MSCHAPv2 only using
username/password. 

> What auth type is this? I'll read up on it in the man page.

In ipsec.conf, you configure rightauth=pubkey.

> Mar  4 10:02:05 foo charon: 15[IKE] sending DPD request
> Mar  4 10:02:05 foo charon: 15[ENC] generating INFORMATIONAL request 0 [ ]
> Mar  4 10:04:50 foo charon: 02[IKE] giving up after 5 retransmits

Your client does not respond to liveness checks. Most likely the packets
get lost, or the client does not answer.

Regards
Martin
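
An added example, not part of the original message and not strongSwan code: it parses the three charon log lines quoted above and checks the gap between the DPD request and the give-up against charon's retransmission schedule. It assumes strongSwan's documented default retransmit settings and a log excerpt covering a single IKE_SA; the function names are illustrative.

```python
import re
from datetime import datetime

# The three log lines quoted in the message above (syslog omits the year).
LOG = """\
Mar  4 10:02:05 foo charon: 15[IKE] sending DPD request
Mar  4 10:02:05 foo charon: 15[ENC] generating INFORMATIONAL request 0 [ ]
Mar  4 10:04:50 foo charon: 02[IKE] giving up after 5 retransmits
"""
LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ charon: \d+\[(\w+)\] (.*)$")

def parse(log, year=2015):
    """Return (timestamp, subsystem, message) for each charon line."""
    events = []
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((ts, m.group(2), m.group(3)))
    return events

def give_up_after(tries=5, timeout=4.0, base=1.8):
    """Seconds from first send until charon gives up.

    Defaults are strongSwan's documented charon.retransmit_tries,
    retransmit_timeout and retransmit_base (assumed unchanged on this host).
    The wait after transmission n is timeout * base**n, for n = 0..tries.
    """
    return sum(timeout * base ** n for n in range(tries + 1))

def dpd_give_ups(events):
    """Pair each 'giving up' line with the preceding DPD request.

    Worker thread ids differ (15 vs 02), so pairing is by order; this
    assumes the excerpt covers a single IKE_SA.
    """
    out, sent = [], None
    for ts, _, msg in events:
        if msg == "sending DPD request":
            sent = ts
        m = re.fullmatch(r"giving up after (\d+) retransmits", msg)
        if m and sent is not None:
            out.append(((ts - sent).total_seconds(), int(m.group(1))))
            sent = None
    return out

if __name__ == "__main__":
    for elapsed, tries in dpd_give_ups(parse(LOG)):
        print(f"gave up after {elapsed:.0f}s; schedule predicts {give_up_after(tries):.0f}s")
```

The 165 seconds between the two [IKE] lines matches the default schedule, so the peer was declared dead only after every retransmission of the DPD request went unanswered.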