[Openswan Users] OSX 10.4.3 to Openswan U2.4.0/K2.6.11-1.14_FC3 problems

aram price me at aramprice.com
Mon Nov 21 14:28:35 CET 2005


hello,

I have a couple of issues with openswan <-> osx connectivity which  
I'm trying to resolve.

I am trying to connect my mac laptop (running OSX 10.4.3
currently) to our VPN (running Linux FC3 currently).

the first issue is that I have been unable to create a cert which my mac will
accept for use as a "Machine Certificate"
I've attempted to create a certificate for OSX v10.4.3 using the  
suggestion from:
	http://www.jacco2.dds.nl/networking/freeswan-panther.html#Cert_ID
adding " subjectAltName=DNS:vpn.foo.com" to openssl.cnf
I was able to import the resulting .p12 file into the correct Keychains:
	Login Keychain:
		me.foo.com cert issued & signed by our (own) CA
		me.foo.com private key
	X509Anchors:
		vpn.foo.com CA issued by us
and can use the cert "me.foo.com" to sign or encrypt mail for my  
"foo.com" email account (using Mail.app).
however Internet Connect still complains that there is no valid  
"Machine Certificate"

the second issue I'm hoping to find information about is NAT  
Traversal while using OSX.  from what i can tell openswan still(?)  
does not support the OSX NAT-T implementation.
is this something which is likely to change?
are there any un-official patches or work-arounds which enable
openswan to understand the OSX NAT-T implementation?

thanks in advance.

regards,


aram price


