Yep I did put the FQDN of the server as SubectAltName. The client certificate is validated on the server side, the server certificate seems to be the problem (the 6th main mode message contains the responder certificate according to IKE spec).<div>
<br></div><div> Do you get a working L2TP/IPsec session with Mac OS X ?</div><div><br></div><div>Thanks,</div><div><br></div><div>mathieu.</div><div><br><div class="gmail_quote">On Fri, Mar 19, 2010 at 11:52 AM, Anthony Lester <span dir="ltr"><<a href="mailto:alester@free.fr">alester@free.fr</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">Hello Mathieu,<br>
<br>
If you are are using Mac OS X as a client and you generated your certificates using OpenSSL, did you make sure that you have something for the "Subject Alternative Name" (e.g. your EMail) in the client certificate and that the "Subject Alternative Name" in the certificate for the gateway corresponds to the Server Address.<br>
<br>
Just an idea<br>
<br>
Anthony<div><div></div><div class="h5"><br>
<br>
On 19 Mar 2010, at 11:02, Mathieu Peresse wrote:<br>
<br>
</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div></div><div class="h5">
Hi all,<br>
<br>
I've been playing with OpenSwan and xl2tpd recently, and I have a question regarding Mac OS X interoperability:<br>
<br>
First, did anyone managed to get the racoon logs more verbose ?<br>
<br>
IKE negociation fails in Main Mode (message 6 says racoon, i guess it's the last one), racoon log only says "Auth Failed"..<br>
My guess is that my root certificate installed on Mac OS X (10.6) cannot be found for some reason ?... It is installed and marked as trusted though...<br>
<br>
Any clue ?<br>
<br>
-- <br>
a+<br>
mathieu<br></div></div>
_______________________________________________<br>
<a href="mailto:Users@openswan.org" target="_blank">Users@openswan.org</a><br>
<a href="http://lists.openswan.org/mailman/listinfo/users" target="_blank">http://lists.openswan.org/mailman/listinfo/users</a><br>
Building and Integrating Virtual Private Networks with Openswan:<br>
<a href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155" target="_blank">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a><br>
</blockquote>
<br>
</blockquote></div><br><br clear="all"><br>-- <br>a+<br>mathieu<br>
</div>