[strongSwan] MacOS 10.12 Sierra IKEv2 user/password auth

Pete Ashdown pashdown at xmission.com
Sun Oct 9 19:13:19 CEST 2016

On 10/9/16 11:04 AM, Noel Kuntze wrote:
> On 09.10.2016 18:57, Pete Ashdown wrote:
>> conn win7
>>      leftcert=vpnHostCert.der
>>      leftsendcert=always
>>      leftauth=pubkey
>>      leftsubnet=
>>      right=%any
>>      rightauth=eap-gtc
>>      rightsourceip=
>>      rightsendcert=never
>>      eap_identity=%any
>>      keyexchange=ikev2
>>      auto=add
> No leftid set, so it defaults to %any (which is the value of "left", if it is not defined).
> %any is probably not a valid ID in your certificate (and not a valid IP,
> DNS name or X.509 DN), so it defaults to the DN of the certificate
> I don't think Windows supports EAP-GTC.
Trying to get MacOS to work here, but if Windows doesn't support it,
then I probably have to abandon anyway.  I was trying to upgrade from a
prior installation I did that used user/password (via LDAP) but under
IKEv1.  That works with Windows, MacOS, iOS, and others.

More information about the Users mailing list