我正在尝试使用NetworkExtension框架在Mac OSX上实现IKEv2 vpn连接。每次我弹出一个输入我的vpn连接密码。根据NEVPNProtocol规范,可以通过提供存储在钥匙串中的密码的持久引用来提供密码。但它不起作用。我在iOS中尝试过相同的IKEv2配置代码,但效果很好。
我写了一个示例应用程序来演示我是如何做到的 - https://github.com/kestutisbalt/osx-ikev2-sample
如何在密钥链中存储密码:
class func set(key: String, value: String) {
let query: [NSObject: AnyObject] = [
kSecValueData: value.dataUsingEncoding(NSUTF8StringEncoding)!,
kSecClass: kSecClassGenericPassword,
kSecAttrGeneric: key,
kSecAttrAccount: key,
kSecAttrAccessible: kSecAttrAccessibleAlways,
kSecAttrService: NSBundle.mainBundle().bundleIdentifier!
]
clear(key)
SecItemAdd(query as CFDictionaryRef, nil)
}
如何从钥匙串中检索持久性参考:
class func persistentRef(key: String) -> NSData? {
let query: [NSObject: AnyObject] = [
kSecClass: kSecClassGenericPassword,
kSecAttrGeneric: key,
kSecAttrAccount: key,
kSecAttrAccessible: kSecAttrAccessibleAlways,
kSecMatchLimit: kSecMatchLimitOne,
kSecAttrService: NSBundle.mainBundle().bundleIdentifier!,
kSecReturnPersistentRef: kCFBooleanTrue
]
var secItem: AnyObject?
let result = SecItemCopyMatching(query, &secItem)
if result != errSecSuccess {
return nil
}
return secItem as? NSData
}
IKEv2配置:
private func createIKEv2Protocol(host: String,
username: String, password: String) -> NEVPNProtocolIKEv2 {
Keychain.set(username, value: password)
let passwordRef = Keychain.persistentRef(username)
if passwordRef == nil {
log("Failed to query password persistent ref")
}
let config = NEVPNProtocolIKEv2()
config.remoteIdentifier = host
config.serverAddress = host
config.useExtendedAuthentication = true
config.username = username
config.passwordReference = passwordRef
return config
}
答案 0 :(得分:2)
Apple开发人员支持回复了我的问题:
The issue with your code is that it’s attempting to set up VPN in an unsupported way. Specifically, IKEv2 VPN does not support password-based authentication. The options you have for IKEv2 are listed in the NEVPNIKEAuthenticationMethod
enum,即.Certificate和.SharedSecret。