Unified in-app VPN SDKs for Microsoft Windows Vista+, Android 4.4+, Mac OS 10.7+, iOS 9.0+, Ubuntu Linux LTS 18.04+. Earlier OS versions can also be supported on request. Please contact [email protected] to receive your own API key.

Copyright © 2019 VPNWholesaler.com. All rights reserved.


3.27 StartVPNConnIKEv2 OS X Example

How to build IPSec command from StrongSwan source

Download and Build openssl

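Download the openssl source from openssl.org and build it. Check the tarball against the checksum or signature published alongside it before building, since the resulting library ships inside the VPN client.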

# wget https://www.openssl.org/source/openssl-$version.tar.gz
# tar xvzf openssl-$version.tar.gz
# cd openssl-$version
# ./Configure darwin64-x86_64-cc shared enable-ec_nistp_64_gcc_128 no-ssl2 no-ssl3 no-comp --prefix=/Library/Preferences/ovscore CFLAGS="-g -O2 -mmacosx-version-min=10.6"
# make && make install

Download strongswan

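Download the strongswan source from strongswan.org, and check the tarball against the checksum or signature published alongside it before patching and building.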

# wget https://download.strongswan.org/strongswan-$version.tar.gz
# tar xvzf strongswan-$version.tar.gz
# cd strongswan-$version

Change strongswan source

    diff -uNr strongswan-5.8.4/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c strongswan-5.8.4-new/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c
    --- strongswan-5.8.4/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c  2020-03-29 16:59:15.000000000 +0800
    +++ strongswan-5.8.4-new/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c  2020-04-30 23:49:15.000000000 +0800
    @@ -1249,6 +1249,37 @@
                                                this->vip_wait);
        }
        this->mutex->unlock(this->mutex);
    +
    +   if (timeout)
    +   {
    +       tun->destroy(tun);
    +       timeout = FALSE;
    +
    +       tun = tun_device_create(NULL);
    +       if (!tun)
    +       {
    +           return FAILED;
    +       }
    +       if (prefix == -1)
    +       {
    +           prefix = vip->get_address(vip).len * 8;
    +       }
    +       if (!tun->up(tun) || !tun->set_address(tun, vip, prefix))
    +       {
    +           tun->destroy(tun);
    +           return FAILED;
    +       }
    +
    +       /* wait until address appears */
    +       this->mutex->lock(this->mutex);
    +       while (!timeout && !get_interface_name(this, vip, NULL))
    +       {
    +           timeout = this->condvar->timed_wait(this->condvar, this->mutex,
    +                                               this->vip_wait);
    +       }
    +       this->mutex->unlock(this->mutex);
    +   }
    +
        if (timeout)
        {
            DBG1(DBG_KNL, "virtual IP %H did not appear on %s",
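Review bot: The retry branch added after the first `unlock` repeats the TUN create/up/set_address/wait sequence verbatim and logs nothing when the first attempt times out, so a flapping interface stays invisible in the logs unless the second attempt also fails. I would log before the first `tun->destroy(tun)`, for example `DBG1(DBG_KNL, "virtual IP %H did not appear on %s, retrying", vip, tun->get_name(tun));`, and fold both attempts into one bounded loop so the two copies cannot drift apart. The `if (prefix == -1)` test inside the retry is probably dead, assuming the first attempt (outside this hunk) already resolved the prefix. Worst-case blocking in this call also doubles to two `vip_wait` periods, which deserves a comment. The enclosing function starts and ends outside the hunk.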
    diff -uNr strongswan-5.8.4/src/starter/starter.c strongswan-5.8.4-new/src/starter/starter.c
    --- strongswan-5.8.4/src/starter/starter.c  2020-03-29 16:59:15.000000000 +0800
    +++ strongswan-5.8.4-new/src/starter/starter.c  2020-04-28 15:17:56.000000000 +0800
    @@ -51,7 +51,7 @@

     static const char* cmd_default = IPSEC_DIR "/charon";
     static const char* pid_file_default = IPSEC_PIDDIR "/charon.pid";
    -static const char* starter_pid_file_default = IPSEC_PIDDIR "/starter.pid";
    +static const char* starter_pid_file_default = IPSEC_PIDDIR "/starter.charon.pid";

     char *daemon_name = NULL;
     char *cmd = NULL;
    @@ -293,21 +293,14 @@
            daemon_name = "charon";
        }

    -   if (asprintf(&cmd, IPSEC_DIR"/%s", daemon_name) < 0)
    +   if (asprintf(&cmd, "/%s", daemon_name) < 0)
        {
             cmd = (char*)cmd_default;
        }

    -   if (asprintf(&pid_file, IPSEC_PIDDIR"/%s.pid", daemon_name) < 0)
    -   {
    -        pid_file = (char*)pid_file_default;
    -   }
    +   pid_file = (char *)pid_file_default;

    -   if (asprintf(&starter_pid_file, IPSEC_PIDDIR"/starter.%s.pid",
    -                daemon_name) < 0)
    -   {
    -        starter_pid_file = (char*)starter_pid_file_default;
    -   }
    +   starter_pid_file = (char *)starter_pid_file_default;

        return TRUE;
     }
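Review bot: With `asprintf(&cmd, "/%s", daemon_name)` the daemon path is no longer anchored to `IPSEC_DIR`: whatever `daemon_name` holds becomes an absolute path, and with the default `daemon_name = "charon"` at the top of the hunk the result is `/charon`, which no longer matches `cmd_default`. If `daemon_name` can be set from the environment or the command line (not visible here), the caller fully chooses the binary that starter launches, which matters because starter normally runs with root privileges. Keeping the prefix and pointing it at the bundle at build time (strongSwan's `--with-ipsecdir` configure option) avoids the source change; failing that, prepend `IPSEC_DIR "/"` whenever `daemon_name` does not start with `/`, and add a comment such as `/* daemon_name is expected to be an absolute path supplied by the ipsec script */`. Whichever directory ends up holding the daemon should be root-owned and not writable by other users. The enclosing function starts outside the hunk.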

Build strongswan

# ./configure --disable-aes --disable-des --disable-rc2 --disable-sha1 --disable-sha2 --disable-md5 --disable-random --disable-pkcs7 --disable-pkcs12 --disable-dnskey --disable-fips-prf --disable-xcbc --disable-cmac --disable-hmac --disable-drbg --disable-attr --disable-resolve --enable-openssl --disable-kernel-netlink --enable-kernel-pfroute --enable-kernel-pfkey --disable-gmp --enable-osx-attr --enable-eap-identity --enable-eap-md5 --enable-eap-gtc  --enable-eap-mschapv2 --enable-unity --disable-shared --enable-static --enable-monolithic --prefix=/Users/devel/tmp/ --sysconfdir=/Library/Preferences/ovscore/etc --with-ipseclibdir=/Library/Preferences/ovscore/lib CFLAGS="-g -O2 -mmacosx-version-min=10.6 -I/Library/Preferences/ovscore/include" LDFLAGS="-L/Library/Preferences/ovscore/lib"
# make && make install

After building openssl and strongswan, the openssl and ipsec files are in the /Library/Preferences/ovscore and /Users/devel/tmp folders.

/Library/Preferences/ovscore: the ipsec configuration folder (all configuration and library files must be copied to the user's machine when the user installs the app).

/Users/devel/tmp: the ipsec binary folder; it can be changed to another location (e.g. /Applications/MacVPN.app/Contents/Resources/ipsec/).

Change the ipsec script (its path is /Users/devel/tmp/sbin/ipsec) from

    # set daemon name
    # (a DAEMON_NAME that is already set is kept; otherwise the bare name
    # "charon" is used)
    [ -z "$DAEMON_NAME" ] && DAEMON_NAME="charon"

    # name and version of the ipsec implementation
    OS_NAME=`uname -s`
    IPSEC_NAME="strongSwan"
    IPSEC_VERSION="U5.8.4/K`uname -r`"

    # where the private directory and the config files are
    # (binaries under the build prefix /Users/devel/tmp, configuration under
    # /Library/Preferences/ovscore)
    IPSEC_DIR="/Users/devel/tmp/libexec/ipsec"
    IPSEC_BINDIR="/Users/devel/tmp/bin"
    IPSEC_SBINDIR="/Users/devel/tmp/sbin"
    IPSEC_CONFDIR="/Library/Preferences/ovscore/etc"
    IPSEC_PIDDIR="/var/run"
    IPSEC_SCRIPT="ipsec"

    # pid file names are derived from DAEMON_NAME
    IPSEC_STARTER_PID="${IPSEC_PIDDIR}/starter.${DAEMON_NAME}.pid"
    IPSEC_CHARON_PID="${IPSEC_PIDDIR}/${DAEMON_NAME}.pid"

to

    # name and version of the ipsec implementation
    OS_NAME=`uname -s`
    IPSEC_NAME="strongSwan"
    IPSEC_VERSION="U5.8.4/K`uname -r`"

    # where the private directory and the config files are
    # (binaries now point into the app bundle; configuration stays under
    # /Library/Preferences/ovscore)
    IPSEC_DIR="/Applications/MacVPN.app/Contents/Resources/ipsec/libexec/ipsec"
    IPSEC_BINDIR="/Applications/MacVPN.app/Contents/Resources/ipsec/bin"
    IPSEC_SBINDIR="/Applications/MacVPN.app/Contents/Resources/ipsec/sbin"
    IPSEC_CONFDIR="/Library/Preferences/ovscore/etc"
    IPSEC_PIDDIR="/var/run"
    IPSEC_SCRIPT="ipsec"

    # set daemon name
    # Placed after the directory settings because the default expands
    # ${IPSEC_DIR}: DAEMON_NAME now holds the full path of charon rather than a
    # bare name. A DAEMON_NAME that is already set when the script runs is kept.
    # NOTE(review): presumably this pairs with the "/%s" change in starter.c,
    # which would make this value the binary that starter executes -- confirm,
    # and keep that directory root-owned and not writable by other users.
    [ -z "$DAEMON_NAME" ] && DAEMON_NAME="${IPSEC_DIR}/charon"

    # pid file names are fixed to "charon" and no longer derived from
    # DAEMON_NAME, which is now a path
    IPSEC_STARTER_PID="${IPSEC_PIDDIR}/starter.charon.pid"
    IPSEC_CHARON_PID="${IPSEC_PIDDIR}/charon.pid"