strongSwan on Mac OS X

Since strongSwan 4.3.4 the IKE daemon charon runs on Mac OS X. There are some limitations and it is not thoroughly tested.

Please note that releases before 5.0.0 don't support IKEv1 because the old pluto IKEv1 daemon was not ported to Mac OS X.

This document describes how to install strongSwan on Mac OS X Leopard 10.5+.

Prerequisites

Xcode Tools and MacPorts are required to build strongSwan on Mac OS X.

Because Xcode Tools are also required by MacPorts, please refer to their installation guide on how to install both of these packages.

Libraries

After installing Xcode Tools and MacPorts you will need to install two libraries provided by MacPorts:

  • vstr
  • gmp

Refer to the MacPorts Guide on how to do so.

Building strongSwan

Note: We intend to provide a port for strongSwan in MacPorts later on.

Get the latest tarball and configure strongSwan as follows:

./configure --enable-kernel-pfkey --enable-kernel-pfroute --disable-kernel-netlink --enable-vstr \
            --disable-tools --disable-scripts --with-group=wheel --with-lib-prefix=/opt/local

Note:
  • For releases before 5.0.0 you also need to add --disable-pluto.

Limitations

  • Mac OS X 10.5 doesn't provide any means (e.g. IP_PKTINFO or IP_SENDSRCADDR) to set the source address of IPv4 UDP packets sent over wildcard sockets.
    This could create problems for multihomed gateways.
  • Due to the lack of policy-based routes, virtual IPs cannot be used (client-side).
  • The kernel-pfroute interface lacks some final tweaks to fully support MOBIKE.
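
To make the first limitation concrete, the sketch below shows how a UDP sender on a wildcard socket normally pins its IPv4 source address with ancillary data passed to sendmsg(). It is an added example, not strongSwan code; the names set_src_addr, demo and src_mech are hypothetical, and 192.0.2.1 is a constructed documentation address.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* glibc: expose struct in_pktinfo */
#endif
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
/* Hypothetical names for this example, not strongSwan identifiers. */
enum src_mech { SRC_NONE = 0, SRC_PKTINFO = 1, SRC_SENDSRCADDR = 2 };

/* Attach ancillary data to msg asking the kernel to send from src.
 * buf must be aligned for struct cmsghdr. SRC_NONE means nothing was
 * attached, so the kernel chooses the source address by routing. */
enum src_mech set_src_addr(struct msghdr *msg, void *buf, size_t len,
                           struct in_addr src)
{
#if defined(IP_PKTINFO)
    struct in_pktinfo pi = { .ipi_spec_dst = src };  /* send-from address */
    const int type = IP_PKTINFO;
    const enum src_mech mech = SRC_PKTINFO;
#elif defined(IP_SENDSRCADDR)
    struct in_addr pi = src;
    const int type = IP_SENDSRCADDR;
    const enum src_mech mech = SRC_SENDSRCADDR;
#endif
#if defined(IP_PKTINFO) || defined(IP_SENDSRCADDR)
    struct cmsghdr *c;
    if (len < CMSG_SPACE(sizeof(pi))) return SRC_NONE;
    memset(buf, 0, len);
    msg->msg_control = buf;
    msg->msg_controllen = CMSG_SPACE(sizeof(pi));
    c = CMSG_FIRSTHDR(msg);
    c->cmsg_level = IPPROTO_IP;
    c->cmsg_type = type;
    c->cmsg_len = CMSG_LEN(sizeof(pi));
    memcpy(CMSG_DATA(c), &pi, sizeof(pi));
    return mech;
#else
    (void)msg; (void)buf; (void)len; (void)src;
    return SRC_NONE;           /* neither option: the Mac OS X 10.5 case */
#endif
}

/* Build the control message for a textual address; returns the mechanism. */
enum src_mech demo(const char *ip)
{
    union { struct cmsghdr align; char b[128]; } buf;
    struct msghdr msg = { 0 };
    struct in_addr src;
    if (inet_pton(AF_INET, ip, &src) != 1) return SRC_NONE;
    return set_src_addr(&msg, &buf, sizeof(buf), src);
}
```

Where the result is SRC_NONE, a reply sent from a wildcard socket on a multihomed gateway may leave from a different address than the one the peer contacted.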