strongSwan on Mac OS X¶

The IKEv2 daemon charon has recently been ported to Mac OS X. There are some limitations and it is not thoroughly tested.

This document describes how to install strongSwan on Mac OS X Leopard 10.5.

Prerequisites¶

Xcode Tools and MacPorts is required to build strongSwan on Mac OS X.

Because Xcode Tools are also required by MacPorts, please refer to their installation guide on how to install both of these packages.

Libraries¶

After installing Xcode Tools and MacPorts you will need to install two libraries provided by MacPorts:

• vstr
• gmp

Refer to the MacPort Guide on how to do so.

Building strongSwan¶

Note: We intend to provide a port for strongSwan in MacPorts later on.

Get the latest tarball and configure strongSwan as follows:

./configure --enable-kernel-pfkey --enable-kernel-pfroute --disable-kernel-netlink --enable-vstr \
            --disable-tools --disable-scripts --disable-pluto --with-group=wheel --with-lib-prefix=/opt/local

Limitations¶

• Mac OS X 10.5 doesn't provide any means (e.g. IP_PKTINFO or IP_SENDSRCADDR) to set the source address of IPv4 UDP packets sent over wildcard sockets.
  This could create problems for multihomed gateways.

• Due to the lack of policy based routes, virtual IPs can not be used (client-side).

• The kernel-pfroute interface lacks some final tweaks to fully support MOBIKE.