[Openswan Users] Apple macOSX 10.4.3: no change :(

Paul Wouters paul at xelerance.com
Tue Nov 1 23:50:00 CET 2005


On Tue, 1 Nov 2005, Agent Smith wrote:

> It does work when you use racoon though that's the
> point I am trying to make.
>
> and by 'using racoon' I mean exactly that, use racoon,
> the config file is at /etc/racoon/racoon.conf

I'm still confused. So I assume in the racoon.conf you specify
the X.509 certificate, thereby bypassing Keychain Access.app.
But how does this make the VPN available in Internet Connect?

Paul

>
> --- Jacco de Leeuw <jacco2 at dds.nl> wrote:
>
> >
> > Paul Wouters wrote:
> >
> > > I just installed the apple tiger update (10.4.3). Although the error message for
> > > trying to select an X.509 certificate instead of presharedkey has improved from
> > > "error no valid certificate found" to "no valid certificate found, use keychain
> > > access to import one", I am still unable to get X.509 certificates to work on
> > > MacOSX.
> >
> > Apple has also not changed a thing in racoon since
> > Mac OS X 10.4.0:
> >
> > http://darwinsource.opendarwin.org/10.4.3/network_cmds-245.1/racoon.tproj/
> >
> > I.e. still the non-standard NAT-T, still based on an
> > old racoon that has
> > been discontinued. Sigh.
> >
> > I don't think there is any source code for the GUI
> > part of the Mac's VPN
> > client, so we can't investigate what is going on.
> >
> > > How are you "using racoon"?
> > > I am simply trying to use Apple's GUI in Internet Connect's "L2TP/VPN"
> > > section. What do you use? racoon from Terminal.app?
> >
> > I have been told that an alternative method is
> > available:
> >
> >    "OS X creates config-files on the fly, but the main racoon.conf is not
> >    touched, instead there's a line in racoon.conf that says:
> >    include "/etc/racoon/remote/*.conf"
> >    So I changed the racoon.conf just to my needs (Certificates and so on),
> >    and removed this include-line. With that, you can set the connection up via
> >    the GUI, and racoon will be called by the GUI with the correct parameters
> >    and the policies will be set correctly. This might be a problem if you have
> >    more than 1 network (different certificates) to connect to".
> >
> > It's not particularly user friendly but it's better
> > than nothing.
> > See this page for an example /etc/racoon/racoon.conf:
> >
> > http://www.wogri.com/linux/ipsec/multiple_pages/node29.html
> >
> > Jacco
> > --
> > Jacco de Leeuw
> > mailto:jacco2 at dds.nl
> > Zaandam, The Netherlands
> > http://www.jacco2.dds.nl
> >                      Mosquitos suck
> > _______________________________________________
> > Users mailing list
> > Users at openswan.org
> > http://lists.openswan.org/mailman/listinfo/users
> >

-- 

"Happiness is never grand"

	--- Mustapha Mond, World Controller (Brave New World)

