[Openswan Users] Leopard IPsec initial test - failed

Paul Wouters paul at xelerance.com
Wed Oct 31 00:52:00 EDT 2007

On Wed, 31 Oct 2007, Pepijn Oomen wrote:

> Not sure what you did differently from me, but I just succeeded establishing an
> IPsec connection from a fresh Leopard install :)
> I did have some problems getting the certificate to be selectable, but it
> seems there are two ways to get it working:
> 1. drag & drop .p12 file onto System keychain, you will be asked for
> Administrator access
> 2. use sudo on Keychain Access.app

Ken, can you try this?

> After the CA, private key and certificate are available in the system
> keychain, you *must* create a new configuration (and not just modify the
> default) to actually get it to select the certificate. I started out modifying
> the default, and while I could select the certificate, it never stuck.
> After this, I just pressed 'Connect' and off it went.
> But the connection is still not properly taken down. And it does not look like
> DPD is enabled out-of-the-box:
> Oct 30 23:51:11 pandora pluto[16527]: "l2tp"[21] #84:
> NAT-Traversal: Result using RFC 3947 (NAT-Traversal): both are NATed
> [...]
> Oct 30 23:51:13 pandora pluto[16527]: "l2tp"[22] #85:
> STATE_QUICK_R2: IPsec SA established {ESP=>0x04d6b7bc <0x13df2b08
> xfrm=AES_128-HMAC_SHA1 NATD= DPD=none}

On the openswan side, add:



Building and integrating Virtual Private Networks with Openswan:
