[Openswan Users]
OSX 10.4.3 to Openswan U2.4.0/K2.6.11-1.14_FC3 problems
aram price
me at aramprice.com
Mon Nov 21 14:28:35 CET 2005
hello,
I have a couple of issues with openswan <-> osx connectivity which
I'm trying to resolve.
I am trying to to connect my mac laptop (running OSX 10.4.3
currently) to our VPN (running Linux FC3 currently).
the first issues have been unable to create a cert which my mac will
accept for use as a "Machine Certificate"
I've attempted to create a certificate for OSX v10.4.3 using the
suggestion from:
http://www.jacco2.dds.nl/networking/freeswan-panther.html#Cert_ID
adding " subjectAltName=DNS:vpn.foo.com" to openssl.cnf
I was able to import the resulting .p12 file into the correct Keychains:
Login Keychain:
me.foo.com cert issued & signed by our (own) CA
me.foo.com private key
X509Anchors:
vpn.foo.com CA issued by us
and can use the cert "me.foo.com" to sign or encrypt mail for my
"foo.com" email account (using Mail.app).
however Internet Connect still complains that there is no valid
"Machine Certificate"
the second issue I'm hoping to find information about is NAT
Traversal while using OSX. from what i can tell openswan still(?)
does not support the OSX NAT-T implementation.
is this something which is likely to change?
are there any un-official patches or work-arounds about which enable
openswan to understand the OSX NAT-T implementation?
thanks in advance.
regards,
aram price
More information about the Users
mailing list