[Openswan dev] Re: [PATCH] Openswan and OS X with NAT-T
Jacco de Leeuw
jacco2 at dds.nl
Tue Sep 27 01:29:06 CEST 2005
Peter van der Beken wrote:
> Please find included a patch to Openswan 2.3.1 to make it interoperate
> with OS X using NAT-T. As you probably know, Apple implemented a draft
> version of the NAT-T RFC, only implemented it partially and with an
> incorrect Vendor ID. With this patch I was able to connect to Openswan
> 2.3.1 from behind a NAT, YMMV.
I don't have a Mac at hand currently but it looks interesting. With what
OS X version(s) did you connect? Did you use a PSK or certificates? KLIPS
or NETKEY? How did you work around the floating port issue?
> Note that I'm not advocating to integrate this into the official
> distribution (the fact that Apple uses values that conflict with another
> RFC makes it quite ugly IMHO).
It seems they made a mistake and now they are stuck with it. Even if they
were to release a fixed version, Mac clients won't upgrade overnight.
I guess they value compatibility with the current installed base more
than compatibility with the standard and other implementations.
(Or it could have been a cunning plan to lock customers into OS X Server.
Naaah, that can't be it, can it?)
Michael Richardson wrote:
> Is there a bug report on ADC about this?
I think several people opened tickets.
> Of course, they are under no obligation to release their racoon source.
Actually, source code is available, e.g.:
... but it is under the APSL (incompatible with the GPL), it seems to be
a fork off KAME, no diffs, few comments, no CVS, no mailing list, etc.
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl