[Openswan Users] Leopard IPsec initial test - failed

Paul Wouters paul at xelerance.com
Wed Oct 31 00:52:00 EDT 2007


On Wed, 31 Oct 2007, Pepijn Oomen wrote:

> Not sure what you did different from me, but I just succeeded establishing an
> IPsec connection from a fresh Leopard install :)
>
> I did have some problems getting the certificate to be selectable, but it
> seems there are two ways to get it working:
>
> 1. drag & drop .p12 file onto System keychain, you will be asked for
> Administrator access
> 2. use sudo on Keychain Access.app

Ken, can you try this?

> After the CA, private key and certificate are available in the system
> keychain, you *must* create a new configuration (and not just modify the
> default) to actually get it to select the certificate. I started out modifying
> the default, and while I could select the certificate, it never stuck.
>
> After this, I just pressed 'Connect' and off it went.
>
> But the connection is still not properly taken down. And it does not look like
> DPD is enabled out-of-the-box:
>
> Oct 30 23:51:11 pandora pluto[16527]: "l2tp"[21] 195.159.157.158 #84:
> NAT-Traversal: Result using RFC 3947 (NAT-Traversal): both are NATed
> [...]
> Oct 30 23:51:13 pandora pluto[16527]: "l2tp"[22] 195.159.157.158 #85:
> STATE_QUICK_R2: IPsec SA established {ESP=>0x04d6b7bc <0x13df2b08
> xfrm=AES_128-HMAC_SHA1 NATD=195.159.157.158:4500 DPD=none}

On the openswan side, add:

	dpdaction=clear
	dpdtimeout=120
	dpddelay=30

Paul

-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
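
As an added example (not part of the original message, and not Openswan code): a small Python check that scans pluto log output for established IPsec SAs reporting DPD=none, as in the log excerpt quoted above. The first sample line is the one from the message with its e-mail wrapping undone; the second line, including its 192.0.2.10 peer and the DPD=enabled value, is constructed for illustration.

```python
import re

# One pluto "IPsec SA established" record: connection name, optional instance,
# peer address, SA number, then the {...} attribute block.
SA_RE = re.compile(
    r'"(?P<conn>[^"]+)"(?:\[\d+\])?\s+(?P<peer>\S+)\s+#(?P<sa>\d+):\s+'
    r'STATE_QUICK_[IR]2:\s+IPsec SA established\s+\{(?P<attrs>[^}]*)\}'
)

# Line 1: the log line from the message, e-mail wrapping undone.
# Line 2: constructed sample (peer address and DPD=enabled are assumptions).
SAMPLE_LOG = (
    'Oct 30 23:51:13 pandora pluto[16527]: "l2tp"[22] 195.159.157.158 #85: '
    'STATE_QUICK_R2: IPsec SA established {ESP=>0x04d6b7bc <0x13df2b08 '
    'xfrm=AES_128-HMAC_SHA1 NATD=195.159.157.158:4500 DPD=none}\n'
    'Oct 30 23:59:02 pandora pluto[16527]: "l2tp"[23] 192.0.2.10 #86: '
    'STATE_QUICK_R2: IPsec SA established {ESP=>0x0a0b0c0d <0x01020304 '
    'xfrm=AES_128-HMAC_SHA1 NATD=none DPD=enabled}\n'
)


def parse_sa_lines(log_text):
    """Return one dict per established IPsec SA found in the log text."""
    sas = []
    for m in SA_RE.finditer(log_text):
        # The attribute block is space-separated key=value pairs; tokens
        # without "=" (the inbound SPI, "<0x...") are skipped.
        attrs = dict(t.split("=", 1) for t in m.group("attrs").split() if "=" in t)
        sas.append({
            "conn": m.group("conn"),
            "peer": m.group("peer"),
            "sa": int(m.group("sa")),
            "natd": attrs.get("NATD"),
            "dpd": attrs.get("DPD"),
        })
    return sas


def sas_without_dpd(log_text):
    """SAs whose attribute block says DPD=none or carries no DPD field."""
    return [sa for sa in parse_sa_lines(log_text) if sa["dpd"] in (None, "none")]


if __name__ == "__main__":
    for sa in sas_without_dpd(SAMPLE_LOG):
        print(f'no DPD: conn={sa["conn"]} peer={sa["peer"]} sa=#{sa["sa"]}')
```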

