[Openswan Users] Apple OS X 10.4
Jacco de Leeuw
jacco2 at dds.nl
Wed Apr 27 21:42:18 CEST 2005
> Tiger sends:
>
> Apr 27 15:26:49 ipcop pluto[26571]: packet from 212.183.131.161:37261: ignoring
> Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]
Hm, this is the vendor ID string "draft-ietf-ipsec-nat-t-ike". It seems that
this string is not known to Openswan 1.0.9 so you may need to upgrade to
the 2.x series (or hack 1.0.9 yourself).
It's a pity that Apple has decided to not send the RFC 3947 string... :-(
> However at this point the connection hangs, until I get this about a minute
> later.
I assume you do not see the message "peer is NATed"? NAT-T probably did not
kick in because of the vendor ID issue mentioned above.
> It's worth noting that the exact same configuration works fine when I connect to
> the Internet using a non-NAT address. But my Vodafone 3G card provides a NAT
> address.
If you are using GPRS you could try to find out if Vodafone has another APN
(say, "Internet") which does provide non-NATed addresses.
>>What I am curious about is whether Apple *finally* added support for
>>certificates in the "Internet Connect" application. Did you notice
>>anything different?
>
> Yes - you can configure certificates in this application now.
Woohoo! Great!
Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
More information about the Users
mailing list