[Swan] How to connect a Mac client to Libreswan
Blue Aquan
blueaquan at zuwissen.com
Tue Apr 20 18:11:00 UTC 2021
Hi Team Libreswan,

I have a Libreswan 4.3 (netkey) running on CentOS 8 which has a
roadwarrior setup with the following configuration. All through, I
followed this guide:
https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv2

With a Linux client, the setup works flawlessly, but I am unable to
replicate the same on a Mac client. I tried following the same steps by
creating a certificate for the Mac client, but the Mac client throws up
a lot of errors. I want to know if there's any standard procedure to
follow while connecting from a Mac client...?

On Linux, the same procedure works perfectly fine.

On VPN Server

conn COMET
    left=1.2.3.4
    leftsubnet=192.168.1.0/24
    leftcert=sun.abc.com
    leftid=@sun.abc.com
    leftrsasigkey=%cert
    leftsendcert=always
    right=%any
    rightsubnet=0.0.0.0/0
    rightca=%same
    rightrsasigkey=%cert
    rightid=%fromcert
    auto=add
    dpddelay=60
    dpdtimeout=300
    dpdaction=clear
    ikev2=insist
    fragmentation=yes
    type=tunnel

On Linux Client

conn SUN
    left=%defaultroute
    leftcert=comet.abc.com
    leftid=@comet.abc.com
    leftrsasigkey=%cert
    leftsubnet=0.0.0.0/0
    right=1.2.3.4
    rightsubnet=192.168.1.0/24
    rightid=@sun.abc.com
    rightrsasigkey=%cert
    ikev2=insist
    rekey=yes
    fragmentation=yes
    mobike=yes
    auto=add

# ipsec auto --up SUN
181 "SUN" #1: initiating IKEv2 connection
181 "SUN" #1: sent IKE_SA_INIT request
182 "SUN" #1: sent IKE_AUTH request {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048}
002 "SUN" #1: certificate verified OK: O=Sun,CN=sun.abc.com
002 "SUN" #1: IKEv2 mode peer ID is ID_FQDN: '@sun.abc.com'
003 "SUN" #1: authenticated using RSA with SHA2_512
002 "SUN" #2: negotiated connection [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.1.0-192.168.1.255:0-65535 0]
004 "SUN" #2: IPsec SA established tunnel mode {ESPinUDP=>0x5986144e <0xaced27a0 xfrm=AES_GCM_16_256-NONE NATOA=none NATD=1.2.3.4:4500 DPD=passive}

Thanks, Best
BA