[strongSwan] MacOS 10.12 Sierra IKEv2 user/password auth
Pete Ashdown
pashdown at xmission.com
Sun Oct 9 19:13:19 CEST 2016
On 10/9/16 11:04 AM, Noel Kuntze wrote:
> On 09.10.2016 18:57, Pete Ashdown wrote:
>> conn win7
>> leftcert=vpnHostCert.der
>> leftsendcert=always
>> leftauth=pubkey
>> leftsubnet=0.0.0.0/0
>> right=%any
>> rightauth=eap-gtc
>> rightsourceip=10.10.10.16/2
>> rightsendcert=never
>> eap_identity=%any
>> keyexchange=ikev2
>> auto=add
> No leftid set, so it defaults to %any (which is the value of "left", if it is not defined).
> %any is probably not a valid ID in your certificate (and not a valid IP,
> DNS name or X.509 DN), so it defaults to the DN of the certificate
> I don't think Windows supports EAP-GTC.
>
Trying to get MacOS to work here, but if Windows doesn't support it,
then I probably have to abandon anyway. I was trying to upgrade from a
prior installation I did that used user/password (via LDAP) but under
IKEv1. That works with Windows, MacOS, iOS, and others.
More information about the Users
mailing list