The problem is that the names of the fields on iThings are different from the fields I see in NetworkManager, so I don’t know what correlates to what.

I have just uninstalled libreswan and installed strongswan, but I can’t find evidence of a networkmanager plugin for strongswan in Portage. |eix strongswan| only returns one record: |net-misc/strongswan|, which is installed. Can I use it without NetworkManager while using NetworkManager for basic connectivity?

Here’s the .mobileconfig file, with the juicy-bits redacted:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<!-- Read more: https://wiki.strongswan.org/projects/strongswan/wiki/AppleIKEv2Profile -->
<plist version="1.0">
<dict>
    <!-- Set the name to whatever you like, it is used in the profile list on the device -->
    <key>PayloadDisplayName</key>
    <string>My IKEv2 VPN Profile</string>
    <!-- This is a reverse-DNS style unique identifier used to detect duplicate profiles -->
    <key>PayloadIdentifier</key>
    <string>REDACTED</string>
    <!-- A globally unique identifier, use uuidgen on Linux/Mac OS X to generate it -->
    <key>PayloadUUID</key>
    <string>REDACTED</string>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
    <key>PayloadContent</key>
    <array>
        <!-- It is possible to add multiple VPN payloads with different identifiers/UUIDs and names -->
        <dict>
            <!-- This is an extension of the identifier given above -->
            <key>PayloadIdentifier</key>
            <string>REDACTED</string>
            <!-- A globally unique identifier for this payload -->
            <key>PayloadUUID</key>
            <string>REDACTED</string>
            <key>PayloadType</key>
            <string>com.apple.vpn.managed</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
            <!-- This is the name of the VPN connection as seen in the VPN application later -->
            <key>UserDefinedName</key>
            <string>My IKEv2 VPN</string>
            <key>VPNType</key>
            <string>IKEv2</string>
            <key>IKEv2</key>
            <dict>
                <!-- Hostname or IP address of the VPN server -->
                <key>RemoteAddress</key>
                <string>REDACTED</string>
                <!-- Remote identity, can be a FQDN, a userFQDN, an IP or (theoretically) a
                     certificate's subject DN. Can't be empty.
                     IMPORTANT: DNs are currently not handled correctly, they are always sent
                     as identities of type FQDN -->
                <key>RemoteIdentifier</key>
                <string>REDACTED</string>
                <!-- Local IKE identity, same restrictions as above. If it is empty the
                     client's IP address will be used -->
                <key>LocalIdentifier</key>
                <string></string>
                <!-- OnDemand references:
                     http://www.v2ex.com/t/137653
                     https://developer.apple.com/library/mac/featuredarticles/iPhoneConfigurationProfileRef/Introduction/Introduction.html
                     Continue reading: https://github.com/iphoting/ovpnmcgen.rb -->
                <key>OnDemandEnabled</key>
                <integer>1</integer>
                <key>OnDemandRules</key>
                <array>
                    <dict>
                        <key>Action</key>
                        <string>Connect</string>
                    </dict>
                </array>
                <!-- The server is authenticated using a certificate -->
                <key>AuthenticationMethod</key>
                <string>SharedSecret</string>
                <key>SharedSecret</key>
                <string>REDACTED</string>
                <!-- Turn off EAP -->
                <key>ExtendedAuthEnabled</key>
                <integer>0</integer>
                <!-- AuthName key is required to dismiss the Enter Username screen on iOS 9,
                     even if ExtendedAuthEnabled is false -->
                <key>AuthName</key>
                <string></string>
                <!-- AuthPassword key is required to dismiss the Enter Password screen on iOS 9,
                     even if ExtendedAuthEnabled is false -->
                <key>AuthPassword</key>
                <string></string>
            </dict>
        </dict>
    </array>
</dict>
</plist>
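
Added example, not part of the original post and not strongSwan's own tooling: a Python script that reads a profile like the one above with plistlib and renders the swanctl.conf settings its IKEv2 fields correspond to, emitting a placeholder instead of the pre-shared key so the secret is never echoed. The sample profile, its values and the function names are constructed for illustration; child SA and virtual IP settings are not carried by the profile and are left out.

```python
import plistlib

# Constructed sample: same keys as the profile above, placeholder values.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict><key>PayloadContent</key><array><dict>
<key>PayloadType</key><string>com.apple.vpn.managed</string>
<key>UserDefinedName</key><string>My IKEv2 VPN</string>
<key>VPNType</key><string>IKEv2</string>
<key>IKEv2</key><dict>
<key>RemoteAddress</key><string>vpn.example.org</string>
<key>RemoteIdentifier</key><string>vpn.example.org</string>
<key>LocalIdentifier</key><string></string>
<key>AuthenticationMethod</key><string>SharedSecret</string>
<key>SharedSecret</key><string>constructed-psk</string>
<key>ExtendedAuthEnabled</key><integer>0</integer>
</dict></dict></array></dict></plist>"""

def ikev2_payloads(data):
    """Return (name, IKEv2 dict) for every IKEv2 VPN payload in a profile."""
    profile = plistlib.loads(data)
    return [(p.get("UserDefinedName", "vpn"), p["IKEv2"])
            for p in profile.get("PayloadContent", [])
            if p.get("PayloadType") == "com.apple.vpn.managed"
            and p.get("VPNType") == "IKEv2" and "IKEv2" in p]

def to_swanctl(name, ike):
    """Render swanctl.conf text; only PSK authentication without EAP is handled."""
    if ike.get("AuthenticationMethod") != "SharedSecret" or ike.get("ExtendedAuthEnabled"):
        raise ValueError("only SharedSecret without EAP is handled here")
    conn = "".join(c if c.isalnum() else "-" for c in name).lower()
    out = ["connections {", f"  {conn} {{", "    version = 2",
           f"    remote_addrs = {ike['RemoteAddress']}",   # RemoteAddress
           "    local {", "      auth = psk"]              # AuthenticationMethod
    if ike.get("LocalIdentifier"):                         # empty: no local id line
        out.append(f"      id = {ike['LocalIdentifier']}")
    # SharedSecret maps to secrets.ike<suffix>.secret; only a placeholder is written.
    out += ["    }", "    remote {", "      auth = psk",
            f"      id = {ike['RemoteIdentifier']}", "    }", "  }", "}",
            "secrets {", f"  ike-{conn} {{", f"    id = {ike['RemoteIdentifier']}",
            '    secret = "<SharedSecret goes here>"', "  }", "}"]
    return "\n".join(out)

if __name__ == "__main__":
    for name, ike in ikev2_payloads(SAMPLE):
        print(to_swanctl(name, ike))
```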