[Openswan Users] MacOS X L2TP/IPsec

Mathieu Peresse thieummm at gmail.com
Fri Mar 19 07:31:57 EDT 2010

Yep I did put the FQDN of the server as SubjectAltName. The client
certificate is validated on the server side, the server certificate seems to
be the problem (the 6th main mode message contains the responder certificate
according to IKE spec).

Do you get a working L2TP/IPsec session with Mac OS X?



On Fri, Mar 19, 2010 at 11:52 AM, Anthony Lester <alester at free.fr> wrote:

> Hello Mathieu,
> If you are using Mac OS X as a client and you generated your
> certificates using OpenSSL, did you make sure that you have something for
> the "Subject Alternative Name" (e.g. your EMail) in the client certificate
> and that the "Subject Alternative Name" in the certificate for the gateway
> corresponds to the Server Address.
> Just an idea
> Anthony
> On 19 Mar 2010, at 11:02, Mathieu Peresse wrote:
>> Hi all,
>> I've been playing with OpenSwan and xl2tpd recently, and I have a question
>> regarding Mac OS X interoperability:
>> First, did anyone manage to get the racoon logs more verbose?
>> IKE negotiation fails in Main Mode (message 6 says racoon, I guess it's
>> the last one), racoon log only says "Auth Failed"..
>> My guess is that my root certificate installed on Mac OS X (10.6) cannot
>> be found for some reason ?... It is installed and marked as trusted
>> though...
>> Any clue ?
>> --
>> a+
>> mathieu
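
The check suggested in the quoted reply, as an added example that is not part of the original thread: a shell test of whether a certificate's subjectAltName actually lists the name the client connects to, ignoring the subject CN. The hostnames, file names and function names are constructed for illustration, and the throwaway certificates assume OpenSSL 1.1.1 or later for `-addext`.

```shell
#!/bin/sh
# Added example: does a certificate's subjectAltName (SAN) list a given entry?
# Hostnames and file names are constructed; -addext needs OpenSSL 1.1.1+.

# Print the SAN entries of a PEM certificate, one per line (nothing if no SAN).
san_entries() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -A1 'X509v3 Subject Alternative Name' |
        tail -n +2 | tr ',' '\n' | sed 's/^ *//; s/ *$//'
}

# Succeed only if the exact entry, e.g. "DNS:vpn.example.org", is in the SAN.
# The subject CN is ignored on purpose: the advice in the thread is about SAN.
san_has() {
    san_entries "$1" | grep -Fxqi -- "$2"
}

# Write a throwaway self-signed certificate to $1 (constructed test input).
# $2 = subject CN, $3 = subjectAltName value, or empty for no SAN extension.
make_cert() {
    if [ -n "$3" ]; then
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
            -addext "subjectAltName=$3" -keyout /dev/null -out "$1" 2>/dev/null
    else
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
            -keyout /dev/null -out "$1" 2>/dev/null
    fi
}

# Report whether gateway certificate $1 names the DNS address $2 in its SAN.
check_gateway() {
    if san_has "$1" "DNS:$2"; then
        echo "OK: $2 is in the subjectAltName of $1"
    else
        echo "MISSING: $2 is not in the subjectAltName of $1"
        echo "SAN entries found: $(san_entries "$1" | tr '\n' ' ')"
        return 1
    fi
}

tmp=$(mktemp -d)
make_cert "$tmp/good.pem" gateway "DNS:vpn.example.org"
make_cert "$tmp/cn-only.pem" vpn.example.org ""
check_gateway "$tmp/good.pem" vpn.example.org
check_gateway "$tmp/cn-only.pem" vpn.example.org || true
rm -rf "$tmp"
```

The second certificate carries the server name only in its CN, so the check reports it as missing even though the name appears in the subject.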
