[Openswan Users]
Re: ANNOUNCE: x509 patch with port wildcard interoperates now with Mac OS X Panther
Jacco de Leeuw
jacco2 at dds.nl
Tue Mar 2 14:58:03 CET 2004
Andreas Steffen wrote:
> Version 0.9.38 of the X.509 patch for freeswan-1.99 and version 1.5.3
> for freeswan-2.04 and freeswan-2.05, respectively, offer a %any port
> wildcard parameter. This new feature allows the long-desired
> interoperability with the L2TP-over-IPsec stack of Mac OS X Panther
> which uses a floating L2TP source port in its IPsec SA request.
Thanks, Andreas!
> The notation in ipsec.conf is as follows:
>
> conn l2tp
>     right=%any
>     rightprotoport=17/%any
>     left=%defaultroute
>     leftid=@pluto.strongsec.com
>     leftprotoport=17/1701
Note that the Panther VPN GUI currently does not support certificates,
only preshared keys... :-(
Using right=%any with preshared keys has its problems:
http://www.freeswan.org/freeswan_snaps/CURRENT-SNAP/doc/faq.html#road.PSK
I've been told by an Apple employee that certificate support is on their
to-do list.
Jacco
--
Jacco de Leeuw
mailto:jacco2 at dds.nl Sign in physics lab:
http://www.jacco2.dds.nl "Do not look into laser
Zaandam, the Netherlands with *remaining* eye".