[Swan] libreswan inside local network with NAT (left) - MacOS roadwarrior (right)
Paul Wouters
paul at nohats.ca
Fri Nov 4 11:53:55 EET 2022
On Thu, 3 Nov 2022, Rodrigo Gruppelli wrote:
> You're talking about this example?
> https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv2
Yes.
> Below is the configuration I wrote... based on my scenario described in the first email, is it correct?
Seems okay.
> When I create the VPN connection inside the MacOS Network Preferences, inside authentication settings, I have the following options, but I can make no sense of any:
> - user authentication: then it asks the username and password. What user/pass?
Don't fill it in - it is only used for EAP-mschapv2 authentication.
> - certificate authentication: then it shows 2 certificates to choose: com.apple.systemdefault and com.apple.kerberos.kdc ....
Yes, it should show your certificate if you imported it as PKCS#12. If
it does not show up, it likely is missing a proper SAN FQDN setting on
the certificate.
> - none: then it shows a field for a pre-shared key... (what pre-shared key?) or to choose one of the certificates above.
Don't use that.
Paul
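
One way to run the certificate check the reply above points to before importing a PKCS#12 bundle, as an added example that is not part of the original message or of libreswan. The function names, the file names, the `constructed` password and the rule that a DNS SAN containing a dot counts as an FQDN are assumptions made for the example.

```shell
#!/bin/sh
# Added example: check that the client certificate inside a PKCS#12 bundle
# carries a DNS (FQDN) subjectAltName. All names and passwords are constructed.

# Print each DNS subjectAltName of the PEM certificate on stdin, one per line.
san_dns_names() {
  openssl x509 -noout -text 2>/dev/null |
    awk '/Subject Alternative Name/ { getline; print }' |
    tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Succeed only if the certificate on stdin has at least one DNS SAN.
# Assumption: a DNS SAN containing a dot is treated as an FQDN.
has_san_fqdn() {
  san_dns_names | grep -q '\.'
}

# Extract the client certificate (no keys) from a bundle: $1=file $2=password
p12_client_cert() {
  openssl pkcs12 -in "$1" -clcerts -nokeys -passin "pass:$2" 2>/dev/null
}

# Report whether the bundle's client certificate carries an FQDN SAN.
check_p12() {
  if p12_client_cert "$1" "$2" | has_san_fqdn; then
    echo "OK: DNS SAN: $(p12_client_cert "$1" "$2" | san_dns_names | tr '\n' ' ')"
  else
    echo "MISSING: no DNS subjectAltName in client certificate of $1"
    return 1
  fi
}

# Build a constructed self-signed test certificate and PKCS#12 bundle.
# $1=output prefix, $2=optional SAN value such as DNS:host.example.com
make_test_p12() {
  san="${2:-}"
  {
    printf '[req]\ndistinguished_name=dn\nprompt=no\n'
    if [ -n "$san" ]; then printf 'x509_extensions=ext\n'; fi
    printf '[dn]\nCN=constructed-client\n'
    if [ -n "$san" ]; then printf '[ext]\nsubjectAltName=%s\n' "$san"; fi
  } > "$1.cnf"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1.cnf" \
    -keyout "$1.key" -out "$1.crt" 2>/dev/null &&
  openssl pkcs12 -export -inkey "$1.key" -in "$1.crt" \
    -out "$1.p12" -passout pass:constructed 2>/dev/null
}
```

After sourcing the file, `check_p12 client.p12 <password>` prints the DNS SANs found or reports that none is present.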