[Openswan Users] MacOS X L2TP/IPsec
Mathieu Peresse
thieummm at gmail.com
Fri Mar 19 07:44:34 EDT 2010
I'm sorry, I just realized my previous message wasn't clear at all. Let me
reformulate.
I put the FQDN of the server as SubjectAltName in the server certificate.
No SubjectAltName in the client certificate but the server's log says the
client cert is validated anyway.
The problem seems to lie on the client side during server's certificate
authentication (when Main Mode message 6 is received by the
Initiator/Client).
On Fri, Mar 19, 2010 at 12:31 PM, Mathieu Peresse <thieummm at gmail.com> wrote:
> Yep I did put the FQDN of the server as SubjectAltName. The client
> certificate is validated on the server side, the server certificate seems to
> be the problem (the 6th main mode message contains the responder certificate
> according to IKE spec).
>
> Do you get a working L2TP/IPsec session with Mac OS X ?
>
> Thanks,
>
> mathieu.
>
> On Fri, Mar 19, 2010 at 11:52 AM, Anthony Lester <alester at free.fr> wrote:
>
>> Hello Mathieu,
>>
>> If you are using Mac OS X as a client and you generated your
>> certificates using OpenSSL, did you make sure that you have something for
>> the "Subject Alternative Name" (e.g. your EMail) in the client certificate
>> and that the "Subject Alternative Name" in the certificate for the gateway
>> corresponds to the Server Address.
>>
>> Just an idea
>>
>> Anthony
>>
>>
>> On 19 Mar 2010, at 11:02, Mathieu Peresse wrote:
>>
>> Hi all,
>>>
>>> I've been playing with OpenSwan and xl2tpd recently, and I have a
>>> question regarding Mac OS X interoperability:
>>>
>>> First, did anyone manage to get the racoon logs more verbose ?
>>>
>>> IKE negotiation fails in Main Mode (message 6 says racoon, I guess it's
>>> the last one), racoon log only says "Auth Failed"..
>>> My guess is that my root certificate installed on Mac OS X (10.6) cannot
>>> be found for some reason ?... It is installed and marked as trusted
>>> though...
>>>
>>> Any clue ?
>>>
>>> --
>>> a+
>>> mathieu
>>>
>>
>>
>
>
> --
> a+
> mathieu
>
--
a+
mathieu
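
Added example, not part of the thread: the Subject Alternative Name check Anthony suggests can be done with OpenSSL by listing the SAN entries of each certificate and testing whether the gateway certificate carries the server address configured on the client. The script builds two constructed throwaway certificates (all `example.test` names and the function names are placeholders chosen for this example) and runs that check on them.

```shell
#!/bin/sh
# Added example: inspect subjectAltName entries of OpenSSL-generated certs.
# All names and addresses below are constructed placeholders.

# Create a throwaway self-signed cert: $1 = dir, $2 = name/CN, $3 = SAN value.
make_demo_cert() {
    cat > "$1/$2.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = $2
[ext]
subjectAltName = $3
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/$2.cnf" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# Print one SAN entry per line (e.g. "DNS:host", "email:addr", "IP Address:a.b.c.d").
# Prints nothing when the certificate has no subjectAltName extension.
cert_sans() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'X509v3 Subject Alternative Name' |
        tail -n 1 | tr ',' '\n' | sed 's/^ *//; s/ *$//'
}

# Return 0 if server address $2 is a DNS or IP SAN entry of certificate $1.
san_has_address() {
    cert_sans "$1" | grep -i -x -F -e "DNS:$2" -e "IP Address:$2" >/dev/null
}

demo_dir=$(mktemp -d)
make_demo_cert "$demo_dir" gateway "DNS:vpn.example.test"
make_demo_cert "$demo_dir" client "email:user@example.test"

# Compare the gateway cert against two candidate "Server Address" values.
for addr in vpn.example.test 192.0.2.10; do
    if san_has_address "$demo_dir/gateway.pem" "$addr"; then
        echo "gateway cert covers $addr"
    else
        echo "gateway cert does NOT cover $addr"
    fi
done
echo "client cert SAN: $(cert_sans "$demo_dir/client.pem")"
```

Run `cert_sans` and `san_has_address` against the real gateway certificate with the exact string entered as the server address on the client; a client configured with an IP address will not match a certificate that only carries a DNS entry.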