[Openswan Users] MacOSX 10.4.2: same problems with NAT-T and X.509

Jacco de Leeuw jacco2 at dds.nl
Wed Jul 13 11:13:14 CEST 2005

Paul Wouters wrote:

> Just for those who are curious about the latest MacOSX Tiger update, 10.4.2
> that just got released. I played with it for a few hours, again without
> any progress.
> - NAT-Traversal is still broken. We still have not managed to interop with
>    their broken implementation of RFC3847/3948 or any of the nat_traversal
>    drafts.

Could you determine what exactly goes wrong? Presumably Apple released the
source code for their modified racoon, right? Would it be an option to get
into some kind of dialogue with the Apple engineers? I wouldn't dare to
speculate why they did this...

I have access to a Mac running 10.3.9 but it only supports PSKs. NAT-T did not
seem to be negotiated in when I tried it. Can you confirm this on 10.4.2? NAT-T
with a PSK isn't particularly useful, but it's all the Panther users got...

> - I still haven't been able to properly import and use X.509 certificates
>    for use with L2TP/IPsec VPNs. If anyone knows what magic the certificate
>    or KeyChainAccess.app needs, please contact me.

Now this is really strange. This is supposed to work for Tiger clients
connecting to Tiger server, right? I too looked around on Mac support forums
but there is little mention of people actually using L2TP/IPsec.

Thanks for the status update, Paul.

Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl
