Solved

VPN L2TP/IPSEC

Posted on 2003-11-25
Last Modified: 2013-11-13
I want to set up a VPN connection from a Macintosh to a Windows 2003 Server running RRAS. We are using L2TP/IPSEC and certificates to negotiate the IP-security. The Mac is running OS X 10.3.2.

What do I need to do to get it to work?
I'm NOT interested in using pre-shared keys for IPSEC!
But how do I install a certificate and get the Mac to use that certificate when establishing the VPN tunnel?

Is it possible with the built-in VPN client or do I need a 3rd-party client?

Thanks!
Question by:danasp
LVL 8

Accepted Solution

by:
pike480 earned 125 total points
ID: 9827863
10.3.2? It's not available yet... unless you are a beta tester for it.

If you are running 10.3.x, then the Internet Connect application that came with Panther (10.3) will establish a VPN connection over IPSec.

Also look at Vapor, from <http://www.versiontracker.com/dyn/moreinfo/macosx/17212>.
0
 
LVL 5

Assisted Solution

by:Insolence
Insolence earned 125 total points
ID: 9828028
danasp,
   I've never tried not using pre-shared keys. The 10.3 Internet Connect tool doesn't appear to have a place to throw the certificate, although that doesn't mean it doesn't work. You may be able to establish a VPN connection with that certificate through some console manipulation. If you do, however, use pre-shared keys, OS X's Internet Connect application will allow you to establish PPTP or IPSEC connections with ease, and I've tested its ability to connect to 2k and 2k3 IPSEC servers, but again, with a pre-shared key =). I'd love to know if this is possible without purchasing any OS X VPN software. If you do find an answer, or if anyone else knows, post it up here! =)

 - Insolence
0
 
LVL 1

Author Comment

by:danasp
ID: 9831329
Yes, it is 10.3.1 and not 10.3.2. :) Sorry about that!

On Apple's website I found information about setting up the VPN connection. When it came to the section about the IPSEC preshared key it said something like: "Here you will write your preshared key (unless you are using certificates)"... But the help didn't mention how to configure it with certificates...

How can I make a certificate request from a Mac? Then I can issue a certificate on my CA. And how do I install that certificate on my Mac?

My knowledge about the Mac is limited...
I'm just trying to find a way so our Mac users can access the VPN server in the same way our Win2K and WinXP users can.
0
 
LVL 5

Expert Comment

by:Insolence
ID: 9903629
I would gather that you would use openssl from the command line, since it deals with client and server certificate requests.  Would be something like...

openssl req  -new -keyout newkey.pem -out newreq.pem  -days 360

I still do not know how you use the certificate once you get it back from your server with your VPN.  But, at least this is the first half of your problem!  =)

 - Insolence
0
 
LVL 1

Author Comment

by:danasp
ID: 9906181
I will try it out.
I don't have access to a Mac myself so I need to ask another guy to test it. I will get back to you with the result ASAP.

Thanks!
Cheers, Daniel
0
 
LVL 5

Expert Comment

by:Insolence
ID: 9908202
Well, if you have someone else do it... make sure they are somewhere like their home directory where they have permission to write. That command will generate two files. Oh, I just noticed a copy/paste of the above text generates a few extra characters in the terminal on the Mac since there are two &nbsp's in the middle of it. If you want to copy/paste it, here is one without the nbsp's...

openssl req -new -keyout newkey.pem -out newreq.pem -days 360

And for your knowledge, this will generate two files which are named in the command above, newkey.pem and newreq.pem.  The req is the request, and the key is the private key.  =)  Enjoy... and if I come up with the second half of the answer to this I'll letcha know.  =)

 - Insolence
0
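Added example (not part of the posts above): a non-interactive form of the request step described in this thread, with the checks a requester would run before handing newreq.pem to the CA. The subject name, the passphrase file and the RSA key size are assumptions; -days is left out because openssl req only uses it when producing a self-signed certificate (-x509), so the issuing CA decides the validity period.

```sh
#!/bin/sh
# Added example: create an encrypted client key plus a certificate request,
# then verify both before the request is sent to the CA.
# Assumed values: the CN, the passphrase file and rsa:2048 are illustrative.

make_request() {
    # $1 = output directory, $2 = subject CN, $3 = file holding the key passphrase
    (
        umask 077   # newkey.pem and newreq.pem readable by the owner only
        openssl req -new -newkey rsa:2048 \
            -keyout "$1/newkey.pem" -out "$1/newreq.pem" \
            -subj "/CN=$2" -passout "file:$3" 2>/dev/null
    )
}

key_is_encrypted() {
    # True if the PEM private key is passphrase-protected
    # (PKCS#8 "ENCRYPTED PRIVATE KEY" or legacy "Proc-Type: 4,ENCRYPTED").
    grep -q 'ENCRYPTED' "$1"
}

check_request() {
    # $1 = directory, $2 = passphrase file
    # Passes only if the request's self-signature verifies AND its public key
    # is the one belonging to newkey.pem (catches mixed-up files).
    openssl req -in "$1/newreq.pem" -noout -verify 2>&1 \
        | grep -q 'verify OK' || return 1
    req_pub=$(openssl req -in "$1/newreq.pem" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$1/newkey.pem" -passin "file:$2" -pubout \
        | openssl sha256)
    [ "$req_pub" = "$key_pub" ]
}

# Usage, from a directory the user can write to:
#   make_request . mac-vpn-client ./pass.txt && check_request . ./pass.txt
```

Only newreq.pem goes to the CA; newkey.pem stays on the client.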
 
LVL 8

Expert Comment

by:pike480
ID: 9908515
0
