Hi Team Libreswan,

I have a Libreswan 4.3 (netkey) running on CentOS 8 which has a roadwarrior setup with the following configuration. All through I followed this guide https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv2

With a Linux client, the setup works flawlessly, but I am unable to replicate the same on a Mac client. I tried following the same step by creating a certificate for the Mac client, but the Mac client throws up a lot of errors. I want to know if there's any standard procedure to follow while connecting from a Mac client...? On a Linux, the same procedure works perfectly fine

On VPN Server

conn COMET
    left=1.2.3.4
    leftsubnet=192.168.1.0/24
    leftcert=sun.abc.com
    [email protected]
    leftrsasigkey=%cert
    leftsendcert=always
    right=%any
    rightsubnet=0.0.0.0/0
    rightca=%same
    rightrsasigkey=%cert
    rightid=%fromcert
    auto=add
    dpddelay=60
    dpdtimeout=300
    dpdaction=clear
    ikev2=insist
    fragmentation=yes
    type=tunnel

On Linux Client

conn SUN
    left=%defaultroute
    leftcert=comet.abc.com
    [email protected]
    leftrsasigkey=%cert
    leftsubnet=0.0.0.0/0
    right=1.2.3.4
    rightsubnet=192.168.1.0/24
    [email protected]
    rightrsasigkey=%cert
    ikev2=insist
    rekey=yes
    fragmentation=yes
    mobike=yes
    auto=add

# ipsec auto --up SUN
181 "SUN" #1: initiating IKEv2 connection
181 "SUN" #1: sent IKE_SA_INIT request
182 "SUN" #1: sent IKE_AUTH request {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048}
002 "SUN" #1: certificate verified OK: O=Sun,CN=sun.abc.com
002 "SUN" #1: IKEv2 mode peer ID is ID_FQDN: '@sun.abc.com'
003 "SUN" #1: authenticated using RSA with SHA2_512
002 "SUN" #2: negotiated connection [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.1.0-192.168.1.255:0-65535 0]
004 "SUN" #2: IPsec SA established tunnel mode {ESPinUDP=>0x5986144e <0xaced27a0 xfrm=AES_GCM_16_256-NONE NATOA=none NATD=1.2.3.4:4500 DPD=passive}

Thanks,
Best
BA
_______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
