[Openswan Users] Mac OS X 10.4.3 <-> Openswan

Agent Smith news8080 at yahoo.com
Tue Dec 6 12:09:52 CET 2005



I saw this and gave it a try but it still looks
broken.

I generated another certauth and another certificate
for my mac 10.4.3 and I am able to connect IPSEC/L2TP
with a public ip but not from behind a nat router. I
get an 'IPsec SA established' when connecting from
behind nat but l2tp doesn't respond then for some
reason. Works great when I have a public IP on the
mac.

It works well from a windowz box (nat and no-nat) so I
know openswan side is set up to do so but it's just
these osx systems and most of my clients use osx so I
have to be able to do this.

Currently I use the racoon config on osx behind nat
routers but I'd love to get rid of it since it
requires that I use an IP instead of DNS name and not
that I plan to change my VPN server's IP anytime soon,
it's nice to be able to have that ability.


--- Paul Wouters <paul at xelerance.com> wrote:

> On Wed, 23 Nov 2005, Jacco de Leeuw wrote:
> 
> > > the second issue I'm hoping to find information about is NAT Traversal
> > > while using OSX. from what i can tell openswan still(?) does not support
> > > the OSX NAT-T implementation.
> >
> > There is some Mac support in Openswan 2.4.2 - 2.4.4 but it is not there yet.
> > Peter Van der Beken's second patch is still under consideration by the
> > Openswan team.
>
> I am using MacOSX 10.4.3 behind NAT using L2TP with Openswan 2.4.4 without
> NAT-T problems. Can someone who thinks it is still broken give me more
> information and preferably logfiles?
>
> I know rekeying doesn't work properly, but I do not think that is a MacOSX
> specific issue.
>
> > http://www.jacco2.dds.nl/networking/patches/openswan-OSX-swapNATDhashes.patch
> >
> > This is Peter's patch without the parts that are already in 2.4.2 - 2.4.4.
> > Openswan 2.4.2 plus this patch worked for me, but I did not test it for hours
> > on end. You may have to set rekey=no.
>
> So I have the same results without that additional patch. I actually ran
> bittorrent over l2tp on my mac without problems (until rekey time)
> 
> Paul



		


