[strongSwan] OS X/macOS configuration

strongswan at jodywhitesides.com strongswan at jodywhitesides.com
Sun Mar 26 21:20:49 CEST 2017 


Mark, here is a conn that I use and it works
perfectly for Mac:config
setup       
uniqueids=never     
  charondebug="cfg 2, dmn 2, ike 2, net
2"

conn %default       
fragmentation=force   
    keyexchange=ike 
     
ike=aes128-sha256-ecp256,aes256-sha384-ecp384,aes128-sha256-modp2048,aes128-sha1-modp2048,aes256-sha384-modp4096,aes256-sha256-modp4096,aes256-sha1-modp4096,aes128-sha256-modp1536,aes128-sha1-modp1536,aes256-sha384-modp2048,aes256-sha256-modp2048,aes256-sha1-modp2048,aes128-sha256-modp1024,aes128-sha1-modp1024,aes256-sha384-modp1536,aes256-sha256-modp1536,aes256-sha1-modp1536,aes256-sha384-modp1024,aes256-sha256-modp1024,aes256-sha1-modp1024!       
esp=aes128gcm16-ecp256,aes256gcm16-ecp384,aes128-sha256-ecp256,aes256-sha384-ecp384,aes128-sha256-modp2048,aes128-sha1-modp2048,aes256-sha384-modp4096,aes256-sha256-modp4096,aes256-sha1-modp4096,aes128-sha256-modp1536,aes128-sha1-modp1536,aes256-sha384-modp2048,aes256-sha256-modp2048,aes256-sha1-modp2048,aes128-sha256-modp1024,aes128-sha1-modp1024,aes256-sha384-modp1536,aes256-sha256-modp1536,aes256-sha1-modp1536,aes256-sha384-modp1024,aes256-sha256-modp1024,aes256-sha1-modp1024,aes128gcm16,aes256gcm16,aes128-sha256,aes128-sha1,aes256-sha384,aes256-sha256,aes256-sha1!       
dpdaction=clear     
  dpddelay=300s   
    rekey=no   
    left=%any   
    leftsubnet=0.0.0.0/0        right=%any        rightdns=[add your
ip]       
rightsourceip=[add your ip]

conn mac       
authby=xauthpsk     
  xauth=server   
    left=%defaultroute        auto=add       
aggressive=no     
  lifetime=24h   
    ikelifetime=240h 
      reauth=yes


Hi,



New to strongSwan. Does the native Mac OS X app only do IKEv2 EAP?



I have a requirement to do machine-based auth and getting a little
confused

about what to add or take away from the example on the wiki, so if
anyone

has an example configuration profile that I could potentially push out
to

my Macs, I'd be extremely grateful!



Thanks in advance,



Mark
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170326/bae622a4/attachment.html>

More information about the Users mailing list