[Openswan Users] Problem with MacOSX 10.5.8 roadwarriors

Paul Wouters paul at xelerance.com
Thu Mar 4 00:42:46 EST 2010

On Thu, 4 Mar 2010, alet at librelogiciel.com wrote:

>>> I've got a GNU/Linux Openswan 2.4.12
>> upgrade to 2.4.15 (plus the updated _updown from 2.6 as posted in the
>> list here before) or upgrade to 2.6.24 (or 2.6.25 soon)
> ok I've now set up 2.6.23 with the updated _updown.netkey script from
> 2.6.24, renamed as /usr/lib/ipsec/_updown
> BTW I don't understand why the _updown script is used instead of
> _updown.netkey since I've got "protostack=netkey" in my ipsec.conf...

You misunderstood. If using openswan 2.4.x you need a 2.6.x _updown.netkey to
replace 2.4.x's _updown (2.4.x did not use separate updown files per protostack,
and the 2.4.x version has a bug in it preventing netkey+l2tp from working).
If you use openswan 2.6.x, no manual updown script replacing is necessary.

> The problem looks to be a routing problem: the IPsec SA is correctly
> established, but when the OSX box sends the L2TP SCCRQ, the L2TP SCCRP
> answer goes back in the clear and is rejected by the firewall.

Yes, please restore the real updown script again :)

