[Swan] libreswan inside local network with NAT (left) - MacOS roadwarrior (right)

Paul Wouters paul at nohats.ca
Fri Nov 4 11:53:55 EET 2022

On Thu, 3 Nov 2022, Rodrigo Gruppelli wrote:

> You're talking about this example?
> https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv2 


> Below is the configuration I wrote... based on my scenario described in the first email, is it correct?

Seems okay.

> When I create the VPN connection inside the MacOS Network Preferences, inside authentication settings, I have the following options, but I can make no
> sense of any:
> - user authentication: then it asks the username and password. What user/pass?

don't fill it in - it is only used for EAP-mschapv2 authentication

> - certificate authentication: then it shows 2 certificates to choose: com.apple.systemdefault and com.apple.kerberos.kdc ....  

Yes, it should show your certificate if you imported it as PKCS#12. If
it does not show up, it likely is missing a proper SAN FQDN setting on
the certificate.

> - none: then it shows a field for a pre-shared key... (what pre-shared key?) or to choose one of the certificates above.

Don't use that.


More information about the Swan mailing list