[Openswan Users] Re: ANNOUNCE: x509 patch with port wildcard interoperates now with Mac OS X Panther

Jacco de Leeuw jacco2 at dds.nl
Tue Mar 2 14:58:03 CET 2004


Andreas Steffen wrote:

> Version 0.9.38 of the X.509 patch for freeswan-1.99 and version 1.5.3
> for freeswan-2.04 and freeswan-2.05, respectively, offer a %any port
> wildcard parameter. This new feature allows the long-desired 
> interoperability with the L2TP-over-IPsec stack of Mac OS X Panther
> which uses a floating L2TP source port in its IPsec SA request.

Thanks, Andreas!

> The notation in ipsec.conf is as follows:
> 
>   conn l2tp
>        right=%any
>        rightprotoport=17/%any
>        left=%defaultroute
>        leftid=@pluto.strongsec.com
>        leftprotoport=17/1701

Note that the Panther VPN GUI currently does not support certificates,
only preshared keys...  :-(

Using right=%any with preshared keys has its problems:
http://www.freeswan.org/freeswan_snaps/CURRENT-SNAP/doc/faq.html#road.PSK

I've been told by an Apple employee that certificate support is on their
to-do list.

Jacco
-- 
Jacco de Leeuw
mailto:jacco2 at dds.nl                Sign in physics lab:
http://www.jacco2.dds.nl          "Do not look into laser
Zaandam, the Netherlands           with *remaining* eye".
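
A configuration check for the caveat raised in the message above, as an added example that is not part of the original post or of the X.509 patch: it parses ipsec.conf-style conn sections and reports which ones combine a %any peer with an explicit authby=secret, and which sides use the %any port wildcard. The l2tp-psk conn, the function names and the sample text are constructed for illustration; conn %default inheritance and also= are not resolved, and a conn with no explicit authby is not flagged.

```python
import re

# Constructed sample: the conn quoted in the announcement, plus a
# hypothetical PSK variant (l2tp-psk) added for illustration.
SAMPLE_CONF = """\
conn l2tp
       right=%any
       rightprotoport=17/%any
       left=%defaultroute
       leftid=@pluto.strongsec.com
       leftprotoport=17/1701

conn l2tp-psk
       authby=secret
       right=%any
       rightprotoport=17/%any
       left=%defaultroute
       leftprotoport=17/1701
"""

def parse_conns(text):
    """Return {conn name: {parameter: value}} for each conn section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not raw.strip():
            current = None                        # blank line ends a section
        elif not line:
            continue                              # comment-only line
        elif (m := re.match(r"conn\s+(\S+)$", line)):
            current = conns.setdefault(m.group(1), {})
        elif line[0].isspace() and current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip().strip('"')
        else:
            current = None                        # config setup or other section
    return conns

def psk_with_any_peer(conns):
    """Conns where a peer address is %any and authby=secret is set explicitly."""
    return [name for name, o in conns.items()
            if o.get("authby") == "secret"
            and "%any" in (o.get("left"), o.get("right"))]

def port_wildcards(conns):
    """(conn, side, protocol) for every protoport that uses the %any port."""
    return [(name, side, o[side + "protoport"].split("/")[0])
            for name, o in conns.items() for side in ("left", "right")
            if o.get(side + "protoport", "").endswith("/%any")]
```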


