[Openswan Users] Apple OS X 10.4

Jacco de Leeuw jacco2 at dds.nl
Wed Apr 27 21:42:18 CEST 2005

> Tiger sends:
> Apr 27 15:26:49 ipcop pluto[26571]: packet from ignoring
> Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]

Hm, this is the vendor ID string "draft-ietf-ipsec-nat-t-ike". It seems that
this string is not known to Openswan 1.0.9 so you may need to upgrade to
the 2.x series (or hack 1.0.9 yourself).

It's a pity that Apple has decided to not send the RFC 3947 string... :-(

> However at this point the connection hangs, until I get this about a minute
> later.

I assume you do not see the message "peer is NATed"? NAT-T probably did not
kick in because of the vendor ID issue mentioned above.

> It's worth noting that the exact same configuration works fine when I connect to
> the Internet using a non-NAT address. But my Vodafone 3G card provides a NAT
> address.

If you are using GPRS you could try to find out if Vodafone has another APN
(say, "Internet") which does provide non-NATed addresses.

>>What I am curious about is whether Apple *finally* added support for
>>certificates in the "Internet Connect" application. Did you notice
>>anything different?
> Yes - you can configure certificates in this application now.

Woohoo! Great!

Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl

More information about the Users mailing list