[Swan] How to connect a Mac client to Libreswan

Blue Aquan blueaquan at zuwissen.com
Tue Apr 20 18:11:00 UTC 2021


Hi Team Libreswan,

I have a Libreswan 4.3 (netkey) running on CentOS 8 which has a
roadwarrior setup with the following configuration. Throughout, I
followed this guide:
https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv2

With a Linux client, the setup works flawlessly, but I am unable to
replicate the same on a Mac client. I tried following the same steps by
creating a certificate for the Mac client, but the Mac client throws up
a lot of errors. I want to know if there's any standard procedure to
follow while connecting from a Mac client...?

On Linux, the same procedure works perfectly fine.

On VPN Server
conn COMET
        left=1.2.3.4
        leftsubnet=192.168.1.0/24
        leftcert=sun.abc.com
        leftid=@sun.abc.com
        leftrsasigkey=%cert
        leftsendcert=always
        right=%any
        rightsubnet=0.0.0.0/0
        rightca=%same
        rightrsasigkey=%cert
        rightid=%fromcert
        auto=add
        dpddelay=60
        dpdtimeout=300
        dpdaction=clear
        ikev2=insist
        fragmentation=yes
        type=tunnel



On Linux Client
conn SUN
        left=%defaultroute
        leftcert=comet.abc.com
        leftid=@comet.abc.com
        leftrsasigkey=%cert
        leftsubnet=0.0.0.0/0
        right=1.2.3.4
        rightsubnet=192.168.1.0/24
        rightid=@sun.abc.com
        rightrsasigkey=%cert
        ikev2=insist
        rekey=yes
        fragmentation=yes
        mobike=yes
        auto=add



# ipsec auto --up SUN
181 "SUN" #1: initiating IKEv2 connection
181 "SUN" #1: sent IKE_SA_INIT request
182 "SUN" #1: sent IKE_AUTH request {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048}
002 "SUN" #1: certificate verified OK: O=Sun,CN=sun.abc.com
002 "SUN" #1: IKEv2 mode peer ID is ID_FQDN: '@sun.abc.com'
003 "SUN" #1: authenticated using RSA with SHA2_512
002 "SUN" #2: negotiated connection [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.1.0-192.168.1.255:0-65535 0]
004 "SUN" #2: IPsec SA established tunnel mode {ESPinUDP=>0x5986144e <0xaced27a0 xfrm=AES_GCM_16_256-NONE NATOA=none NATD=1.2.3.4:4500 DPD=passive}



Thanks, Best
BA