[strongSwan] roadwarrior client on macOS?

Zachary Cutlip uid000 at gmail.com
Tue Apr 25 18:17:42 CEST 2017

Apple Configurator 2 (https://itunes.apple.com/us/app/apple-configurator-2/id1037126344) works well for building IKEv2 VPN profiles for macOS and iOS. You can even edit the profile later (they’re just XML plist format) to configure options that aren’t exposed in the GUI, such as on-demand connection rules.

I created a profile in Configurator that I use as a template for scripts. That way I can programmatically generate and sign profiles that work on macOS and iOS devices. Be sure to regenerate guids if you do this.

If you want to sign your profiles, you can use Configurator to add your CA (assuming your org has its own) to the device. Then profiles signed with that cert will be trusted. You can sign with:
openssl smime -sign -signer /path/to/ca_cert -inkey /path/to/ca_key -outform DER -in ./MyProfile.mobileconfig -out ./MyProfile_signed.mobileconfig  -nodetach


> On Apr 24, 2017, at 8:42 AM, Paul Harrison <paulharrisonsipad at gmail.com> wrote:
> Hi all,
> We have a Strongswan IKEv2 (client cert) based service that works
> extremely well on our Windows laptop clients. But I've now been tasked
> with getting our MacBooks connecting to it and have very little
> experience of Apple kit....
> I'm afraid I'm struggling with the wiki documentation and would like
> to use the roadwarrior app - however it asks for a username whereas I
> want to use the certificate already installed on the machine (which is
> used for Active Directory integration), what can I do here?
> Thanks a lot for any advice,
> Paul
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

More information about the Users mailing list