[Openswan Users] Connecting to Openswan with OS X Leopard (10.5.1)

[Jacco de Leeuw]

Schley Andrew Kutz wrote:

> http://www.lostcreations.com/blog/20071209-9
> Leopard (10.5.1) requires MPPE-128 when negotiating L2TP/IPsec connections

There have been reports on this mailinglist (in particular by Paul/Ken,
Pepijn Oomen and Alan Whinery) but they did not mention this problem.
But I found a thread on the Apple mailinglist which confirms the problem:
http://discussions.apple.com/thread.jspa?threadID=1224077

Some questions and observations:

- A Linux pppd log has not yet been posted here but there is one on
  the Apple mailinglist. The important bit is this:
   pppd7541: rcvd CCP ConfReq id=0x1 <mppe +H -M +S +L -D -C>
   pppd7541: sent CCP ConfRej id=0x1 <mppe +H -M +S +L -D -C>
   pppd7541: rcvd LCP TermReq id=0x2 \"MPPE required but peer negotiation
                                       failed\"
  Ok, this Linux pppd probably does not have require-mppe-128 (as double
  encryption does not make sense for L2TP/IPsec). Andrew writes that things
  still don't work if he adds require-mppe-128 on the Linux server:
  the Mac client balks that MPPE is not loaded. But what do the logs look
  like then?

- You can force loading of the MPPE module by connecting with PPTP first.
  Not everyone will be running a PPTP server in parallel with an
  L2TP/IPsec server. Is there a way to load the MPPE module manually
  on the Mac?

- How exactly does one edit the preferences plist file so that L2TP/IPsec
  will not ask for MPPE?

- Does 10.5 work? I.e. was the problem introduced in 10.5.1?

- The Apple Mac OS 10.5 Server log posted on the Apple list seems to
  suggest that it does not work with Leopard Server either, but for
  another reason: it rejects CCP, which is required for MPPE.

Jacco
-- 
Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl