| 1 |
The problem is that the names of the fields on iThings are different |
| 2 |
from the fields I see in NetworkManager, so I don’t know what correlates |
| 3 |
to what. |
| 4 |
|
| 5 |
I have just uninstalled libreswan and installed strongswan, but I can’t |
| 6 |
find evidence of a networkmanager plugin for strongswan in Portage. |eix |
| 7 |
stronswan| only returns one record: |net-misc/strongswan|, which is |
| 8 |
installed. Can I use it without NetworkManager while using |
| 9 |
NetworkManager for basic connectivity? |
| 10 |
|
| 11 |
Here’s the .mobileconfig file, with the juicy-bits redacted: |
| 12 |
|
| 13 |
|<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC |
| 14 |
"-//Apple//DTD PLIST 1.0//EN" |
| 15 |
"http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <!-- Read more: |
| 16 |
https://wiki.strongswan.org/projects/strongswan/wiki/AppleIKEv2Profile |
| 17 |
--> <plist version="1.0"> <dict> <!-- Set the name to whatever you like, |
| 18 |
it is used in the profile list on the device --> |
| 19 |
<key>PayloadDisplayName</key> <string>My IKEv2 VPN Profile</string> <!-- |
| 20 |
This is a reverse-DNS style unique identifier used to detect duplicate |
| 21 |
profiles --> <key>PayloadIdentifier</key> <string>REDACTED</string> <!-- |
| 22 |
A globally unique identifier, use uuidgen on Linux/Mac OS X to generate |
| 23 |
it --> <key>PayloadUUID</key> <string>REDACTED</string> |
| 24 |
<key>PayloadType</key> <string>Configuration</string> |
| 25 |
<key>PayloadVersion</key> <integer>1</integer> <key>PayloadContent</key> |
| 26 |
<array> <!-- It is possible to add multiple VPN payloads with different |
| 27 |
identifiers/UUIDs and names --> <dict> <!-- This is an extension of the |
| 28 |
identifier given above --> <key>PayloadIdentifier</key> |
| 29 |
<string>REDACTED</string> <!-- A globally unique identifier for this |
| 30 |
payload --> <key>PayloadUUID</key> <string>REDACTED</string> |
| 31 |
<key>PayloadType</key> <string>com.apple.vpn.managed</string> |
| 32 |
<key>PayloadVersion</key> <integer>1</integer> <!-- This is the name of |
| 33 |
the VPN connection as seen in the VPN application later --> |
| 34 |
<key>UserDefinedName</key> <string>My IKEv2 VPN</string> |
| 35 |
<key>VPNType</key> <string>IKEv2</string> <key>IKEv2</key> <dict> <!-- |
| 36 |
Hostname or IP address of the VPN server --> <key>RemoteAddress</key> |
| 37 |
<string>REDACTED</string> <!-- Remote identity, can be a FQDN, a |
| 38 |
userFQDN, an IP or (theoretically) a certificate's subject DN. Can't be |
| 39 |
empty. IMPORTANT: DNs are currently not handled correctly, they are |
| 40 |
always sent as identities of type FQDN --> <key>RemoteIdentifier</key> |
| 41 |
<string>REDACTED</string> <!-- Local IKE identity, same restrictions as |
| 42 |
above. If it is empty the client's IP address will be used --> |
| 43 |
<key>LocalIdentifier</key> <string></string> <!-- OnDemand references: |
| 44 |
http://www.v2ex.com/t/137653 |
| 45 |
https://developer.apple.com/library/mac/featuredarticles/iPhoneConfigurationProfileRef/Introduction/Introduction.html |
| 46 |
Continue reading: https://github.com/iphoting/ovpnmcgen.rb --> |
| 47 |
<key>OnDemandEnabled</key> <integer>1</integer> <key>OnDemandRules</key> |
| 48 |
<array> <dict> <key>Action</key> <string>Connect</string> </dict> |
| 49 |
</array> <!-- The server is authenticated using a certificate --> |
| 50 |
<key>AuthenticationMethod</key> <string>SharedSecret</string> |
| 51 |
<key>SharedSecret</key> <string>REDACTED</string> <!-- Turn off EAP --> |
| 52 |
<key>ExtendedAuthEnabled</key> <integer>0</integer> <!-- AuthName key is |
| 53 |
required to dismiss the Enter Username screen on iOS 9, even if |
| 54 |
ExtendedAuthEnabled is false --> <key>AuthName</key> <string></string> |
| 55 |
<!-- AuthPassword key is required to dismiss the Enter Password screen |
| 56 |
on iOS 9, even if ExtendedAuthEnabled is false --> |
| 57 |
<key>AuthPassword</key> <string></string> </dict> </dict> </array> |
| 58 |
</dict> </plist> | |
| 59 |
|
| 60 |
|
Archives