[Openswan Users] Recommended best working setup for l2tp/ipsec multiplatform

Paul Wouters paul at xelerance.com
Sat Nov 8 13:50:15 EST 2008


On Sat, 8 Nov 2008, Achim Moller wrote:

>>> Apart from the iphone, yes.
> Good to hear. But unfortunately I have the same issues as posted in "2.6.18/l2tp/nat access for iphone - by-the-book setup SA issues" when I connect via macos 10.5 (leopard) to this setup. I get exactly the same error messages for macos as I get from the iphone.

> So, either the combination openswan 2.6.18 and Linux kernel 2.6.27-2/klips/nat-t patch does not work together or I'm doing something wrong. But I'm not able to understand from the posted log messages what actually does not work and I'm confused why this "by-the-book" setup does not work.

Did you try using Tiger? I have not yet tried Leopard myself. I know with Leopard it is impossible (AFAIK) to
get certificates imported as "machine certificates", which on Tiger was an awkward hack to get accomplished,
but at least worked.

With certificates, you also need the gateway DNS or IP as a subjectAltname entry in the gateway's certificate,
or OSX hangs up on you.

> Perhaps could you please post some exact version information about which Openswan and Linux kernel combination to try?

This has nothing to do with the kernel or nat-t versions, as it is purely a userland IKE negotiation.
As far as I know, no one got the iphone to work properly with l2tp, meaning no one probably got Leopard
to work either.

Paul
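
Added example (not part of the message above and not Openswan project code): a shell script using the openssl CLI that builds a test gateway certificate carrying both its DNS name and its IP address as subjectAltName entries, and checks a certificate for a given entry before it is deployed. The names vpn.example.test and 192.0.2.10 and the helper functions make_gateway_cert and san_has are constructed for illustration.

```shell
#!/bin/sh
# Added example. vpn.example.test and 192.0.2.10 are constructed placeholders.

# make_gateway_cert DIR DNSNAME IPADDR
# Writes DIR/gw.key and DIR/gw.crt: a self-signed test certificate whose
# subjectAltName lists both the gateway's DNS name and its IP address.
make_gateway_cert() {
    dir=$1 dns=$2 ip=$3
    cat > "$dir/gw.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = $dns
[v3]
subjectAltName = DNS:$dns, IP:$ip
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -config "$dir/gw.cnf" -keyout "$dir/gw.key" -out "$dir/gw.crt" 2>/dev/null
}

# san_has CERT VALUE
# Succeeds only if VALUE is present as a DNS or IP subjectAltName entry.
# Matching is exact (fixed string, whole entry), so 192.0.2.1 does not
# match a certificate that only lists 192.0.2.10.
san_has() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'X509v3 Subject Alternative Name' |
        tail -n 1 | tr -d ' ' | tr ',' '\n' |
        grep -qxF -e "DNS:$2" -e "IPAddress:$2"
}

# Demonstration: check the address a client would be configured with.
tmp=$(mktemp -d)
make_gateway_cert "$tmp" vpn.example.test 192.0.2.10
for name in vpn.example.test 192.0.2.10 other.example.test; do
    if san_has "$tmp/gw.crt" "$name"; then
        echo "$name: present in subjectAltName"
    else
        echo "$name: MISSING from subjectAltName"
    fi
done
rm -rf "$tmp"
```

Run san_has against the real gateway certificate with whatever address the clients are configured to connect to, whether a hostname or an IP.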

