[Openswan Users] Apple macOSX 10.4.3: no change :(

Agent Smith news8080 at yahoo.com
Fri Nov 4 05:50:40 CET 2005


- This worked for me and my config. no gurantee that
it will work for you

First of all,

This in NOT OFFICIAL OPENSWAN documentation, please
know that before you procede. Also I take no
responsibility if these instructions leaves your
system(s) in un-usable state. 

--------------------------------------------------------------------------------------------

* first make sure you can connect a windows client
with certificates using L2TP/IPSEC.
* now for OSX clients,
* add the following lines (as root) in
/etc/racoon/racoon.conf file 
  remember to backup existing racoon.conf before you
do.

- also remember to change vpn.server.ip.addr and
encr.domain.ip.addr
- your x.509 user certs should be called user.pem and
user.private
- the severs public key should be called server.public
- put user.pem, user.private and server.public into
/etc/racoon/certs

----- cut here section that appends to existing
racoon.conf --------
remote vpn.server.ip.addr {
{
exchange_mode main;
doi ipsec_doi;
situation identity_only;
my_identifier asn1dn ;
certificate_type x509 "user.pem" "user.private";
peers_certfile "server.public";
peers_identifier asn1dn ;
nonce_size 16;
lifetime time 5 minutes;
initial_contact on;
support_mip6 on;
proposal_check obey;

proposal {
encryption_algorithm 3des;
hash_algorithm md5;
authentication_method rsasig ;
dh_group 2;
}
}

sainfo address vpn.serer.ip.addr/32 any address
encr.domain.ip.addr/24 any
{
pfs_group 2;
lifetime time 12 hours;
encryption_algorithm 3des;
authentication_algorithm hmac_md5;
compression_algorithm deflate;
}
----- cut here section that appends to existing
racoon.conf --------

* now kill racoon if running 
 - ps aux | grep racoon 
- if found running, kill -9 PID

* now setup your L2PT connection, in the
authentication method, select preshared key and 
  put garbage as the key or use anything else or leave
it blank.
* now connect, 

* the racoon process will start automatically and
create a tunnel that L2TP process can use.



--- Alan Whinery <whinery at hawaii.edu> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>  
> I'm interested -- please do post.
> 
> 
> > L2TP/IPSEC will use a racoon process if it finds
> one running (if
> > not running, it will start it)
> >
> > work beautifully with X.509 certs, haven't tried
> PSKs yet.
> >
> > I'll make the config. and setup instructions
> available on a web
> > server here if anyone is interested.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.0 (MingW32)
> Comment: GnuPT 2.7.2
>  
>
iD8DBQFDaoq9o0Fj2RHXjC4RAosiAJ9rK99PQ0YCr7DmezcKmdu+RjU8aQCgn2wA
> hlFPyfs2vMtrW38RmuCvaX8=
> =RXai
> -----END PGP SIGNATURE-----
> 
> _______________________________________________
> Users mailing list
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> 



		
__________________________________ 
Yahoo! FareChase: Search multiple travel sites in one click.
http://farechase.yahoo.com


More information about the Users mailing list