[Openswan Users] Apple macOSX 10.4.3: no change :(

Agent Smith news8080 at yahoo.com
Thu Nov 3 06:13:07 CET 2005



L2TP/IPsec will use a racoon process if it finds one
running (if not running, it will start it).

Works beautifully with X.509 certs, haven't tried PSKs
yet.

I'll make the config and setup instructions available
on a web server here if anyone is interested.


--- Paul Wouters <paul at xelerance.com> wrote:

> On Tue, 1 Nov 2005, Agent Smith wrote:
> 
> > It does work when you use racoon though, that's the
> > point I am trying to make.
> >
> > and by 'using racoon' I mean exactly that, use racoon,
> > the config file is at /etc/racoon/racoon.conf
> 
> I'm still confused. So I assume in the racoon.conf you specify
> the X.509 certificate, thereby bypassing Keychain Access.app.
> But how does this make the VPN available in Internet Connect?
> 
> Paul
> 
> >
> > --- Jacco de Leeuw <jacco2 at dds.nl> wrote:
> >
> > > Paul Wouters wrote:
> > >
> > > > I just installed the apple tiger update (10.4.3). Although the error message for
> > > > trying to select an X.509 certificate instead of presharedkey has improved from
> > > > "error no valid certificate found" to "no valid certificate found, use keychain
> > > > access to import one", I am still unable to get X.509 certificates to work on
> > > > MacOSX.
> > >
> > > Apple has also not changed a thing in racoon since Mac OS X 10.4.0:
> > >
> > > http://darwinsource.opendarwin.org/10.4.3/network_cmds-245.1/racoon.tproj/
> > >
> > > I.e. still the non-standard NAT-T, still based on an old racoon that has
> > > been discontinued. Sigh.
> > >
> > > I don't think there is any source code for the GUI part of the Mac's VPN
> > > client, so we can't investigate what is going on.
> > >
> > > > How are you "using racoon"?
> > > > I am simply trying to use Apple's GUI in Internet Connect's "L2TP/VPN"
> > > > section. What do you use? racoon from Terminal.app?
> > >
> > > I have been told that an alternative method is available:
> > >
> > >    "OS X creates config-files on the fly, but the main racoon.conf is not
> > >    touched, instead there's a line in racoon.conf that says:
> > >    include "/etc/racoon/remote/*.conf"
> > >    So I changed the racoon.conf just to my needs (Certificates and so on),
> > >    and removed this include-line. With that, you can set the connection up via
> > >    the GUI, and racoon will be called by the GUI with the correct parameters
> > >    and the policies will be set correctly. This might be a problem if you have
> > >    more than 1 network (different certificates) to connect to".
> > >
> > > It's not particularly user friendly but it's better than nothing.
> > > See this page for an example /etc/racoon/racoon.conf:
> > >
> > > http://www.wogri.com/linux/ipsec/multiple_pages/node29.html
> > >
> > > Jacco
> > > --
> > > Jacco de Leeuw
> > > mailto:jacco2 at dds.nl
> > > Zaandam, The Netherlands
> > > http://www.jacco2.dds.nl
> > >                      Mosquitos suck
> 
> -- 
> 
> "Happiness is never grand"
> 
> 	--- Mustapha Mond, World Controller (Brave New World)
> 
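
The workaround quoted above (drop the include line and put the certificate settings in the main racoon.conf), sketched as an added example that is not from this thread or from the linked page. It assumes ipsec-tools racoon.conf syntax; the certificate directory, file names and peer DN are placeholders.

```conf
# /etc/racoon/racoon.conf -- constructed example, not taken from the thread.
# Directory and file names below are placeholders.
path certificate "/etc/racoon/certs";

# The stock file pulls in the per-connection files written on the fly.
# The workaround removes this line so the settings below are the ones used:
# include "/etc/racoon/remote/*.conf";

remote anonymous {
    exchange_mode main;
    doi ipsec_doi;
    situation identity_only;

    # Authenticate with an X.509 certificate instead of a PSK.
    my_identifier asn1dn;
    certificate_type x509 "client-cert.pem" "client-key.pem";

    # Validate the gateway's certificate rather than accepting any peer...
    verify_cert on;
    # ...and require the identity it presents to match (placeholder DN).
    peers_identifier asn1dn "C=XX, O=Example, CN=vpn.example.org";
    verify_identifier on;

    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method rsasig;
        dh_group 2;
    }
}

sainfo anonymous {
    encryption_algorithm aes, 3des;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
}
```

A single `remote anonymous` block applies to every peer, which is why the quoted text warns about connecting to more than one network with different certificates.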



	
		