[Openswan Users] Re: MacOSX 10.4.2: same problems woth NAT-T

Alan Whinery whinery at hawaii.edu
Wed Jul 13 09:32:26 CEST 2005

Just in case any of this is useful:

I've been playing with this off and on over the last month. One slight, 
discouraging revelation was that if you enable the root account and log 
into the gui as root (if  I remember correctly), then you can import the 
X.509 certificate with the Apple keyring app, then the CA cert (I am 
using a local CA), which gets you past the initial "no machine 
certificate" stuff.

The milestone (stumbling block?) I'm currently sitting on on the Mac 
10.4.2 side is:
Jun 14 09:21:56 bender pluto[1744]: "roadwarrior-l2tp"[380] 
#1287: ignoring informational payload, type INVALID_CERTIFICATE

Wherein the mac appears to be complaining about the server's 
certificate. None of the many Windows clients complain about that 
certificate -- Macs are too whiny.

I'm doing a talk on this next week in Vancouver, I'm kind of giving up 
on getting rid of the word "probably" from the Mac slide...


More information about the Users mailing list