[Openswan Users] Leopard IPsec initial test - failed
Pepijn Oomen
oomen at piprograms.com
Tue Oct 30 19:00:32 EDT 2007
Paul Wouters wrote:
> The good news is that certificate imports are much much better, and actually work.
> No more messing with Keychain. The bad news is, the IPsec is broken:
Not sure what you did different from me, but I just succeeded
establishing an IPsec connection from a fresh Leopard install :)

I did have some problems getting the certificate to be selectable, but
it seems there are two ways to get it working:

1. drag & drop .p12 file onto System keychain, you will be asked for
   Administrator access
2. use sudo on Keychain Access.app

After the CA, private key and certificate are available in the system
keychain, you *must* create a new configuration (and not just modify the
default) to actually get it to select the certificate. I started out
modifying the default, and while I could select the certificate, it
never stuck.

After this, I just pressed 'Connect' and off it went.

But the connection is still not properly taken down. And it does not
look like DPD is enabled out-of-the-box:

Oct 30 23:51:11 pandora pluto[16527]: "l2tp"[21] 195.159.157.158 #84:
NAT-Traversal: Result using RFC 3947 (NAT-Traversal): both are NATed
[...]
Oct 30 23:51:13 pandora pluto[16527]: "l2tp"[22] 195.159.157.158 #85:
STATE_QUICK_R2: IPsec SA established {ESP=>0x04d6b7bc <0x13df2b08
xfrm=AES_128-HMAC_SHA1 NATD=195.159.157.158:4500 DPD=none}
--
Pepijn Oomen.
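
Added example (not part of the original message, and not Openswan code): a small Python check that scans pluto log output for "IPsec SA established" records and reports the ones negotiated with DPD=none, as in the excerpt above. The first sample record is the one quoted in the message; the second is constructed, and its `DPD=enabled` value is an assumption about how a DPD-enabled SA is logged.

```python
import re

# First record: quoted in the message above, wrapped over three lines as mailed.
# Second record: constructed for contrast; "DPD=enabled" is an assumed value.
SAMPLE_LOG = """\
Oct 30 23:51:13 pandora pluto[16527]: "l2tp"[22] 195.159.157.158 #85:
STATE_QUICK_R2: IPsec SA established {ESP=>0x04d6b7bc <0x13df2b08
xfrm=AES_128-HMAC_SHA1 NATD=195.159.157.158:4500 DPD=none}
Oct 30 23:58:02 pandora pluto[16527]: "l2tp"[23] 192.0.2.10 #86: STATE_QUICK_R2: IPsec SA established {ESP=>0x0a0b0c0d <0x01020304 xfrm=AES_128-HMAC_SHA1 NATD=none DPD=enabled}
"""

# A syslog record from pluto starts with "Mon DD HH:MM:SS host pluto[pid]: ".
RECORD_START = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \S+ pluto\[\d+\]: ")
SA_LINE = re.compile(
    r'"(?P<conn>[^"]+)"(?:\[(?P<instance>\d+)\])? (?P<peer>\S+) #(?P<state>\d+): '
    r"\S+: IPsec SA established \{(?P<details>[^}]*)\}"
)

def unwrap(text):
    """Rejoin records that a mail client wrapped onto continuation lines."""
    records = []
    for line in text.splitlines():
        if RECORD_START.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def established_sas(text):
    """Yield one dict per 'IPsec SA established' record, with its key=value details."""
    for record in unwrap(text):
        m = SA_LINE.search(record)
        if not m:
            continue
        sa = m.groupdict()
        details = sa.pop("details")
        # "ESP=>0x... <0x..." carries two SPIs; the bare "<0x..." token is skipped.
        sa.update(dict(kv.split("=", 1) for kv in details.split() if "=" in kv))
        yield sa

def without_dpd(text):
    """Return the SAs set up with DPD=none, i.e. without dead-peer detection."""
    return [sa for sa in established_sas(text) if sa.get("DPD", "none") == "none"]

if __name__ == "__main__":
    for sa in without_dpd(SAMPLE_LOG):
        print(f'{sa["conn"]}[{sa["instance"]}] peer={sa["peer"]} #{sa["state"]} '
              f'xfrm={sa.get("xfrm")} NATD={sa.get("NATD")} DPD=none')
```

An SA listed here stays installed until its lifetime expires if the peer disappears without sending a delete, which matches the "not properly taken down" behaviour described in the message.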