[Openswan Users] Apple OS X 10.4
jamesp at hisser.org
Wed Apr 27 16:20:02 CEST 2005
Hi All
I am new to openswan, as I have been using OpenVPN in the past, to allow me to
connect back to my home servers whilst at customer sites. Unfortunately
something in Apple's latest O/S (Tiger) breaks OpenVPN for now.
So I thought I'd take a look at IPsec. I have been able to get it working today,
using Openswan 1.0.7 as below:
Apr 27 13:36:18 ipcop pluto[25735]: Starting Pluto (Openswan Version 1.0.7)
Apr 27 13:36:18 ipcop pluto[25735]: including X.509 patch with traffic selectors (Version 0.9.42)
Apr 27 13:36:18 ipcop pluto[25735]: including NAT-Traversal patch (Version 0.6)
However, the NAT-T part does not seem to want to work. I get a message like this
in the log when I try to connect:
Apr 27 15:14:58 ipcop pluto[25735]: "RoadWarriorX509"[10] 212.183.131.161:44599 #21: cannot respond to IPsec SA request because no connection is known for 62.49.72.126:17/1701...212.183.131.161:44599[10.16.17.32]:17/%any===10.16.17.32/32
The NATed IP of my client is 10.16.17.32 and this is being translated to
212.183.131.161.
My ipsec.conf looks like this:
-----------
config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none
        plutoload=%search
        plutostart=%search
        uniqueids=yes
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/8

conn %default
        keyingtries=0
        disablearrivalcheck=no

conn RoadWarriorX509
        left=62.49.72.126
        leftnexthop=%defaultroute
        leftprotoport=17/1701
        right=%any
        rightprotoport=17/%any
        dpddelay=30
        dpdtimeout=120
        dpdaction=clear
        authby=secret
        pfs=no
        auto=add
------------
I am using a PSK to connect.
Can anyone give me any ideas of what to try next? It's quite possible that
Tiger's implementation of NAT-T is broken, but how would I go about checking
this without having to ask some clueless Apple rep?
Thanks in advance!
James
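
An added example, not part of the original post: a Python check that parses the pluto rejection line and the posted conn, and reports whether the peer proposed a client address different from its observed source, whether that address lies inside `virtual_private`, and whether the conn declares any `rightsubnet` that could accept it. The function names and the trimmed inputs are constructed here from the log line and ipsec.conf quoted above.

```python
import ipaddress
import re

# Constructed inputs: the rejection line and a trimmed copy of the posted ipsec.conf.
LOG = ('"RoadWarriorX509"[10] 212.183.131.161:44599 #21: cannot respond to IPsec '
       'SA request because no connection is known for 62.49.72.126:17/1701...'
       '212.183.131.161:44599[10.16.17.32]:17/%any===10.16.17.32/32')
CONF = """\
config setup
    virtual_private=%v4:10.0.0.0/8
conn RoadWarriorX509
    left=62.49.72.126
    right=%any
"""

# Peer half of the selector, in the NATed form seen above:
# source_ip:source_port[id]:proto/port===client_net
PEER = re.compile(r'(?P<host>[\d.]+):(?P<port>\d+)\[(?P<id>[^\]]+)\]'
                  r':(?P<protoport>[^=]+)===(?P<client>[\d./]+)$')

def parse_conf(text):
    """Return {section header: {key: value}} for a simple ipsec.conf."""
    sections, cur = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith('#'):
            continue
        if '=' in line and cur is not None:
            key, value = line.split('=', 1)
            cur[key.strip()] = value.strip()
        else:
            cur = sections.setdefault(line, {})  # "config setup" / "conn NAME"
    return sections

def diagnose(log, conf, conn):
    """Compare the peer's proposed client net with what the conn can accept."""
    m = PEER.match(log.split('...', 1)[-1])
    if m is None:
        return None  # not the NATed-peer form this example handles
    cfg = parse_conf(conf)
    client = ipaddress.ip_network(m['client'])
    nets = [ipaddress.ip_network(v[4:])
            for v in cfg['config setup'].get('virtual_private', '').split(',')
            if v.startswith('%v4:') and not v.startswith('%v4:!')]
    return {
        'client_differs_from_source': client != ipaddress.ip_network(m['host']),
        'client_in_virtual_private': any(client.subnet_of(n) for n in nets),
        'conn_has_rightsubnet': 'rightsubnet' in cfg['conn ' + conn],
    }
```

Openswan's NAT-Traversal support documents `rightsubnet=vhost:%no,%priv` as the setting that lets a roadwarrior conn accept a client address inside `virtual_private`; without any `rightsubnet`, pluto expects the peer's client to be its observed address.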