<div dir="ltr">Hi,<div><br></div><div>has anyone managed to get ikev2 with username/password authentication on el capitan working with libreswan?</div><div><br></div><div>Is there a good example config to get started with?</div><div><br></div><div>Kind regards</div><div>Jonas</div><div class="gmail_extra"><br><div class="gmail_quote">2015-07-09 23:21 GMT+02:00 Paul Wouters <span dir="ltr"><<a href="mailto:paul@nohats.ca" target="_blank">paul@nohats.ca</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
I thought this might be of interest to people here,<br>
<br>
Paul<br>
<br>
---------- Forwarded message ----------<br>
Date: Thu, 9 Jul 2015 17:09:51<br>
From: Tommy Pauly <<a href="mailto:tpauly@apple.com" target="_blank">tpauly@apple.com</a>><br>
Cc: Vividh Siddha <<a href="mailto:vsiddha@apple.com" target="_blank">vsiddha@apple.com</a>>, Christophe Allie <<a href="mailto:callie@apple.com" target="_blank">callie@apple.com</a>>,<br>
Delziel Fernandes <<a href="mailto:delziel@apple.com" target="_blank">delziel@apple.com</a>><br>
To: IPsecME WG <<a href="mailto:ipsec@ietf.org" target="_blank">ipsec@ietf.org</a>><br>
Subject: [IPsec] IKEv2 in iOS 9 and OS X El Capitan<br>
<br>
Hello,<br>
<br>
I wanted to give an update to the list about some recent improvements to IPSec support in Apple’s operating<br>
systems. Apple has released the public betas for iOS 9 and OS X El Capitan today, available at <a href="http://beta.apple.com" rel="noreferrer" target="_blank">beta.apple.com</a>. <br>
<br>
As part of these releases, we have extended support for IKEv2, and have made IKEv2 the default VPN type. Here is<br>
a brief summary of what has changed for these releases:<br>
<br>
- IKEv2 is now manually configurable for both iOS and OS X, and is now the default VPN type when adding new VPN<br>
configurations. We support manual configuration of EAP-MSCHAPv2, EAP-TLS, no-EAP certificate auth, and no-EAP<br>
shared secret auth. We also support configuring IKEv2 using a configuration profile, which provides many more<br>
options for different authentication types, crypto algorithms, and enabling/disabling features.<br>
- We now enable MOBIKE (RFC 4555) by default<br>
- We now support IKEv2 Message Fragmentation (RFC 7383)<br>
- We now support server redirect (RFC 5685)<br>
- We support suite-B crypto algorithms<br>
<br>
I encourage anyone who is interested to download the betas and try out IKEv2! If you have feedback or questions,<br>
please send them my way. I’ll also be attending the meeting in Prague.<br>
<br>
Best,<br>
Tommy Pauly<br>
Core OS Networking, Apple<br>_______________________________________________<br>
IPsec mailing list<br>
<a href="mailto:IPsec@ietf.org">IPsec@ietf.org</a><br>
<a href="https://www.ietf.org/mailman/listinfo/ipsec" rel="noreferrer" target="_blank">https://www.ietf.org/mailman/listinfo/ipsec</a><br>
<br>_______________________________________________<br>
Swan mailing list<br>
<a href="mailto:Swan@lists.libreswan.org">Swan@lists.libreswan.org</a><br>
<a href="https://lists.libreswan.org/mailman/listinfo/swan" rel="noreferrer" target="_blank">https://lists.libreswan.org/mailman/listinfo/swan</a><br>
<br></blockquote></div><br></div></div>