[Openswan Users] more fun with macs

Paul Wouters paul at xelerance.com
Tue Apr 20 08:23:30 EDT 2010


On Mon, 19 Apr 2010, Bob Miller wrote:

> For whatever reason, it seems Mac OS, openswan and me do not get along
> too well...
> I have a 10.5.8 mac client.  I have openswan 2.6.25 compiled from source
> on a Debian build.
> I have created a self signed CA, created a cert for the firewall, and
> two certs for macs (one of which I am working on now).  I have created
> the firewall's cert with the subjectAltName as is described on Jacco's
> and others' pages.  At least when I use `openssl x509 -text -in
> cerfile.pem` I have a line that reads:
>  X509v3 Subject Alternative Name:
> with DNS:fqdn.server.name, which is the same as the CN of the Subject.
> However, when I do debugging on the mac, I see this:
>
> ERROR: failed to get subjectAltName
> DEBUG: Discarding CERT: does not match ID

You might have forgotten some restraints on the cert? Another option is
that your configuration on the mac uses the IP of the gateway instead of
the DNS name "fqdn.server.name" to connect to the remote?

Paul
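
A way to check the second possibility raised above, added here as an example and not part of either poster's message: it reads the `openssl x509 -text` output and reports whether the address or name the client dials matches a subjectAltName entry of the same type. It assumes the client compares an IP identifier only against IP SAN entries and a name only against DNS entries, with exact matching; the certificate excerpt and 192.0.2.10 are constructed sample values.

```python
import ipaddress

# Constructed excerpt of `openssl x509 -text` output (placeholder names).
SAMPLE_CERT_TEXT = """\
        Subject: C=CA, O=Example, CN=fqdn.server.name
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:fqdn.server.name
            X509v3 Basic Constraints:
                CA:FALSE
"""

def parse_san(cert_text):
    """Return {'DNS': [...], 'IP': [...]} parsed from openssl's text dump."""
    san = {"DNS": [], "IP": []}
    lines = cert_text.splitlines()
    for i, line in enumerate(lines):
        # The entries sit on the line after the extension header.
        if "X509v3 Subject Alternative Name" in line and i + 1 < len(lines):
            for entry in lines[i + 1].split(","):
                kind, _, value = entry.strip().partition(":")
                if kind == "DNS":
                    san["DNS"].append(value.lower())
                elif kind == "IP Address":
                    san["IP"].append(ipaddress.ip_address(value))
    return san

def check_remote_id(cert_text, remote):
    """Say whether `remote` (what the client connects to) matches a SAN entry."""
    san = parse_san(cert_text)
    try:
        addr = ipaddress.ip_address(remote)
    except ValueError:
        addr = None  # not an IP literal, so treat it as a DNS name
    if addr is not None:
        if addr in san["IP"]:
            return "match: IP SAN"
        return "mismatch: client uses an IP but cert has no matching IP SAN"
    if remote.lower() in san["DNS"]:
        return "match: DNS SAN"
    return "mismatch: no DNS SAN equal to the name the client uses"

if __name__ == "__main__":
    for remote in ("fqdn.server.name", "192.0.2.10"):
        print(remote, "->", check_remote_id(SAMPLE_CERT_TEXT, remote))
```
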

