[Openswan Users] MacOS

Mon Aug 6 03:58:18 EDT 2007

Hi Jacco, 

Thanks for helping on this issue.

Le dimanche 05 août 2007 à 01:50 +0200, Jacco de Leeuw a écrit :
> 
> I haven't tested yet with Mac OS X 10.4.10. Are your new machines running
> 10.4.10? What the difference between 'new' machines and 'old' machines?

Hum, you know, we are not using MacOS on our side, but some RoadWarriors
do. So it's pretty hard to tell what they do with updates.

We have done a step by step guide in french based on the informations
you've published on your website, and working pretty well for, let say,
20 or so MacBook.

Right now, our documentation doesn't work anymore, but Mac that I've
been setup for VPN before (before what ... I dont know exactly, and
haven't the hardware to test it ..) they still works.

> I'm fairly sure I have tested with 10.4.6. Are your certificates generated
> with OpenSSL on a Mac?

No, on a Linux Box that act as CA, with a old OpenSSL (0.9.6l).

> Is the server picking the correct certificate? 

Server gives the good cert, in MacOS logs, I can see the server's certs,
and the mac is sending the user certs, all issued from CA, and valid.
(I'm using the same certs with Windows Client, and they works).

> I would recommend using
> rightca=%same

It's already configured ;)

I'm stuck in here, and I suspect the Apple keystore doing nasty things.

Oh, BTW, the Apple Security update suspected (10.4.8), look at OpenSSL
and Security Framework:
http://docs.info.apple.com/article.html?artnum=304829

Best regards

-- 
        Alexandre