[Swan] How to connect a Mac client to Libreswan

Blue Aquan blueaquan at zuwissen.com
Tue Apr 20 18:11:00 UTC 2021

Hi Team Libreswan,

I have a Libreswan 4.3 (netkey) running on CentOS 8 which has a
roadwarrior setup with the following configuration. All through, I
followed this guide:
https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv2

With a Linux client, the setup works flawlessly, but I am unable to
replicate the same on a Mac client. I tried following the same steps by
creating a certificate for the Mac client, but the Mac client throws up
a lot of errors. I want to know if there's any standard procedure to
follow while connecting from a Mac client?

On Linux, the same procedure works perfectly fine.

On VPN Server

conn COMET
        left=
        leftsubnet=
        leftcert=sun.abc.com
        leftid=@sun.abc.com
        leftrsasigkey=%cert
        leftsendcert=always
        right=%any
        rightsubnet=0
        rightca=%same
        rightrsasigkey=%cert
        rightid=%fromcert
        auto=add
        dpddelay=60
        dpdtimeout=300
        dpdaction=clear
        ikev2=insist
        fragmentation=yes
        type=tu

On Linux Client

conn SUN
        left=%defaultroute
        leftcert=comet.abc.com
        leftid=@comet.abc.com
        leftrsasigkey=%cert
        leftsubnet=
        right=
        rightsubnet=
        rightid=@sun.abc.com
        rightrsasigkey=%cert
        ikev2=insist
        rekey=yes
        fragmentation=yes
        mobike=yes
        auto=add

# ipsec auto --up SUN
181 "SUN" #1: initiating IKEv2 connection
181 "SUN" #1: sent IKE_SA_INIT request
182 "SUN" #1: sent IKE_AUTH request {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048}
002 "SUN" #1: certificate verified OK: O=Sun,CN=sun.abc.com
002 "SUN" #1: IKEv2 mode peer ID is ID_FQDN: '@sun.abc.com'
003 "SUN" #1: authenticated using RSA with SHA2_512
002 "SUN" #2: negotiated connection [ 0] -> [ 0]
004 "SUN" #2: IPsec SA established tunnel mode {ESPinUDP=>0x5986144e <0xaced27a0 xfrm=AES_GCM_16_256-NONE NATOA=none NATD= DPD=passive}

Thanks, Best
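
An added example, not part of the original post: a small Python check that the server and Linux client conn sections above mirror each other on the identity and certificate options (the client's rightid equals the server's leftid, the server's rightid accepts the client's ID, and both ends use %cert). The sample text is constructed from the option values visible in the post, and parse_conns and check_pair are hypothetical helper names.

```python
import re

# Constructed sample: the two conn sections from the post, keeping only the
# identity/certificate options whose values are visible on the page.
SERVER_CONF = """\
conn COMET
    leftcert=sun.abc.com
    leftid=@sun.abc.com
    leftrsasigkey=%cert
    right=%any
    rightrsasigkey=%cert
    rightid=%fromcert
"""
CLIENT_CONF = """\
conn SUN
    leftcert=comet.abc.com
    leftid=@comet.abc.com
    leftrsasigkey=%cert
    rightid=@sun.abc.com
    rightrsasigkey=%cert
"""

def parse_conns(text):
    """Return {conn_name: {option: value}} for ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments and trailing space
        if not line.strip():
            continue
        m = re.match(r"conn\s+(\S+)$", line)
        if m:
            current = conns.setdefault(m.group(1), {})
        elif current is not None and raw[0].isspace() and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def check_pair(server, client):
    """List mismatches between a server conn (left=server) and a client conn (right=server)."""
    problems = []
    if client.get("rightid") != server.get("leftid"):
        problems.append("client rightid %r != server leftid %r" % (client.get("rightid"), server.get("leftid")))
    if server.get("rightid") not in ("%fromcert", client.get("leftid")):
        problems.append("server rightid %r would not match client leftid" % server.get("rightid"))
    for side, conn in (("server", server), ("client", client)):
        problems += ["%s %s is not %%cert" % (side, k)
                     for k in ("leftrsasigkey", "rightrsasigkey") if conn.get(k) != "%cert"]
    return problems
```

An empty list from check_pair means the two sections agree on these options; each string in a non-empty list names one mismatch.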