On Friday 19 Feb 2016 15:36:20 Mick wrote: > On Friday 19 Feb 2016 14:51:40 Daniel Quinn wrote: > > Hello all, I’ve been asked to connect my Gentoo box to a StrongSwan VPN > > and was offered a .mobileconfig file as means to connect. Unfortunately, > > this appears to be a special-Apple-only-format and I can’t make heads or > > tails of the contents. > > As I understand it this is a file in XML format to pass on to the apple > client (iPhone and the like) the configuration parameters for the VPN > connection. > > I understand that the server is Ubuntu running > > StrongSwan using a shared secret, but that’s all I know at this point, > > > > so my questions are: > > * Can I use NetworkManager (and as I understand it, LibreSwan) to > > > > connect? > > > > o If so, how do I translate the fields in the .mobileconfig to > > > > gateway, group name, user password, group password, user name, > > phase 1 algorithms, phase 2 algorithms, and domain? (The fields > > presented in GNOME’s NetworkManager dialogue for an OpenSwan VPN). > > Have you tried using strongswan instead? It has a plugin for > networkmanager, so I guess the configuration file will translate to what > you see in the NM GUI. > > I do not have access to a .mobileconfig file to know what it looks like, but > if you can obfuscate anything private and share the rest I can try to guess > how it corresponds to the strongswan configuration file. > > > * If I can’t (or shouldn’t?) use NetworkManager, what’s the right way > > > > to handle this? Is there a utility for handling .mobileconfig files > > in Linux? > > I don't know of a utility that can parse the .mobileconfig file, other than > trying it in an iPhone to see what settings it applies. However, once you > find out what these settings are you can enter them in the strongswan > configuration file and NM ought to just use them.
I found this reference for IKEv2, IKEv1 would be similar: https://wiki.strongswan.org/projects/strongswan/wiki/AppleIKEv2Profile -- Regards, Mick
signature.asc
Description: This is a digitally signed message part.