[strongSwan] Some IKEv2 questions
Martin Willi
martin at strongswan.org
Wed Mar 4 11:47:20 CET 2015
Kindly asking to keep the discussion on the list, thanks.
> > IKEv2 supports certificate authentication without EAP, which is much
> > simpler and faster.
>
> Would I be able to do this with the StrongSwan applet for Mac OS X ?
No, the strongSwan OS X App currently supports EAP-MSCHAPv2 only using
username/password.
> What auth type is this? I'll read up on it in the man page.
In ipsec.conf, you configure rightauth=pubkey.
> Mar 4 10:02:05 foo charon: 15[IKE] sending DPD request
> Mar 4 10:02:05 foo charon: 15[ENC] generating INFORMATIONAL request 0 [ ]
> Mar 4 10:04:50 foo charon: 02[IKE] giving up after 5 retransmits
Your client does not answer to liveness checks. Most likely the packets
get lost, or the client does not answer.
Regards
Martin
More information about the Users
mailing list