Updated #1 (20140415): The Cisco VPN configuration instructions are available in the Apple
How do you configure an IPSEC VPN server with Apple Mac OSX client compatibility?
There are various HOWTOs on the net that tell you how to configure various VPN appliances and IPSEC software (Racoon, StrongSwan, OpenSwan etc.) to work with Apple Mac OSX and iOS devices. While you can continue to refer to these HOWTOs, what if you could have access to the actual configuration information that a Mac OSX device uses to connect as an IPSEC client?
Having access to the actual client config on Mac OSX will allow you to configure the server side to match and will aid in debugging. Additionally, you will have the flexibility to disable weaker encryption algorithms on the server side without breaking compatibility with the Apple device.
Apple devices use the racoon(8) IPSEC key management daemon. The configuration is created at runtime and is available under the /var/run/racoon/ folder once the VPN connection is initiated. The trick is to create a dummy IPSEC connection entry, connect to the endpoint, and quickly copy the config file, as below:
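One way to do the capture step described above and then list the phase 1 / phase 2 directives the server has to match; this is an added example, not the command from the original post. The function names, their arguments and the RUN_CAPTURE switch are hypothetical, the directive names are those of racoon.conf(5), and it assumes the runtime config appears as regular files under /var/run/racoon/ that need root to read.

```shell
#!/bin/sh
# Added example, not from the original post. /var/run/racoon and /tmp are
# the paths named in the article; function names and arguments are
# hypothetical. Reading /var/run/racoon is assumed to need root, e.g.:
#   sudo RUN_CAPTURE=1 sh capture_racoon.sh

# capture_racoon_conf [src_dir] [dest_dir] [timeout_seconds]
# Polls once a second, copies every regular file that shows up, prints the
# path of each copy. Exit status 0 if something was captured, 1 on timeout.
capture_racoon_conf() (
    src_dir=${1:-/var/run/racoon}
    dest_dir=${2:-/tmp}
    timeout=${3:-60}
    umask 077    # new copies are readable by the invoking user only
    elapsed=0
    while [ "$elapsed" -lt "$timeout" ]; do
        found=0
        for f in "$src_dir"/*; do
            [ -f "$f" ] || continue    # skips sockets and an unmatched glob
            dest="$dest_dir/$(basename "$f")"
            if cp "$f" "$dest" 2>/dev/null; then
                printf '%s\n' "$dest"
                found=1
            fi
        done
        if [ "$found" -eq 1 ]; then exit 0; fi
        sleep 1
        elapsed=$((elapsed + 1))
    done
    echo "no config appeared in $src_dir within ${timeout}s" >&2
    exit 1
)

# summarize_racoon_conf <file>
# Lists the distinct racoon.conf negotiation directives in a captured file,
# i.e. the phase 1 / phase 2 parameters the server side has to offer.
summarize_racoon_conf() {
    awk '$1 ~ /^(exchange_mode|encryption_algorithm|hash_algorithm|authentication_algorithm|authentication_method|dh_group|pfs_group)$/ {
             sub(/^[ \t]+/, ""); sub(/;.*$/, ""); print
         }' "$1" | sort -u
}

if [ "${RUN_CAPTURE:-}" = 1 ]; then
    capture_racoon_conf "$@" | while read -r conf; do
        echo "== $conf"; summarize_racoon_conf "$conf"
    done
fi
```

Start the script first, then initiate the dummy VPN connection; delete the copy from /tmp once the server side is configured.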
The config file would now be available under the /tmp/ folder. Here is what mine looks like on Mac OSX Mavericks 10.9.2. Based on the client config information, it would be trivial to configure phase1 and phase2 settings on an IPSEC VPN server to support Mac clients.
remote x.x.x.x {