[Openswan Users] Leopard IPsec initial test - failed
Pepijn Oomen
oomen at piprograms.com
Mon Oct 29 15:40:17 EDT 2007
Jacco de Leeuw wrote:
>> fact that his email header says the client was at one of my VPN
>> addresses suggests that it was in fact a working Leopard connection.
> Ok, so we have two reports. One works, one does not.
I performed an upgrade on a machine that was able to connect. I needed
to fix the CA certificate (the whole X509-chain has been reworked, and
CA certificates need to be imported into the login chain, one user, or
the system chain, all users), but after that it connected fine.
My initial test indicates that rekeying is improved (see a previous
message on the subject by me).
However, there seems to be a problem on disconnection. The ISAKMP SA and
IPsec SA are not removed, but the ppp/xl2tpd is taken down properly.
This complicates reconnects.
--
Pepijn Oomen.
More information about the Users
mailing list