Slashdot Mirror


IPsec on Mac OS X Panther?

ItsMr.Data wants to take a bite out of this issue: "I just got a new PowerBook with Airport. I wish to use it in the wireless network at the university I attend. The problem is that the university uses BlueSocket to secure the WIFI connections. The BlueSocket gateway is configured for IPsec tunnels. The client tool that BlueSocket provides does not work properly under Panther. I was told by the network department that it would be up to me to find a solution until BlueSocket comes out with an updated client. Being a poor college student, I would like to find a cheap or free solution. I have never worked with VPNs or IPsec. Do any Slashdot readers have any good ideas?"

13 of 84 comments

  1. Internet Connect by CptChipJew · · Score: 5, Informative

    Can't you use the Internet Connect application that ships with OS X to make an IPSec connection to their VPN? That's how I connect to my school's.

    First post?

    --
    Vonal Declosion
  2. Poor? by avalys · · Score: 5, Funny

    A new Powerbook? I wish I was a poor college student.

    --
    This space intentionally left blank.
    1. Re:Poor? by Mariani · · Score: 5, Funny

      Poor after buying a Powerbook.

  3. IPSec should work fine; need config info by anothy · · Score: 4, Insightful

    The IPSec facilities in Panther should be more than sufficient for what you need. In my experience (in very nearly the exact same situation, as well as similar ones at corporations), the hardest part is wrangling the proper information out of your support staff. First you have to find someone who knows WTF you're talking about. then they have to find the information. then they (may) have to get approval to give it to you. that generally involves convincing some clueless administrative type that you're not an 3vi1 h4xx0r. and then they have to actually give it to you. and the odds of getting the info right on the first try are not so good.
    my biggest bit of advice is find some friendly, knowledgeable admin, find out what she likes to drink, and buy her lots of it.

    --

    i speak for myself and those who like what i say.
    1. Re:IPSec should work fine; need config info by kerry-buckley · · Score: 5, Funny
      my biggest bit of advice is find some friendly, knowledgeable admin, find out what she likes to drink, and buy her lots of it.
      And hope she doesn't hit you when you admit that you only got her drunk "because you wanted to find out how her tunnel was configured".
  4. Re:At Rutgers... by Anonymous Coward · · Score: 4, Funny

    That's the thing though. His mileage has varied.

    5, informative?

  5. unfortunately by austad · · Score: 5, Informative

    The IPSec VPN software that is built into Panther is missing a lot of features that would make it actually useful. It does not support NAT Traversal, so you can't use it from behind a firewall or NAT device. It does not support XAUTH, which I assume is what your school is using to authenticate you.

    You may be able to use the Cisco VPN client though. The GUI for OSX is fairly unconfigurable, but you can edit the .pcf files that describe the connection manually. Cisco has docs on their site of what each line does. I use the Cisco client under OSX to connect to my Netscreen box at home, and I use it for work too. Although, the Netscreen required messing with the .pcf file.

    --
    Need Free Juniper/NetScreen Support? JuniperForum
    1. Re:unfortunately by azpcox · · Score: 5, Informative

      Although the IPSec VPN client doesn't support NAT traversal, if you have a Linksys or something similar, they have an item called IPSec pass through which will do the NAT (technically there is no port associated with ESP traffic) for you to a single device. The UDP/500 traffic has no problem, just the ESP/AH traffic in certain instances.

      --
      What exactly do you mean by "Don't touch this button?"
  6. Panther Compatibility for Bluesocket IPSec tool by Anonymous Coward · · Score: 5, Informative

    Hello,

    I'm the software engineer responsible for the Mac client for Bluesocket. The client software *should* work with Panther. The client software isn't really client software, however; it's just a frontend to the built-in IPSec support that was first made available in 10.2.

    If you're having trouble, you can try emailing support@bluesocket.com. Because it is just a frontend to the built-in support, you can try this on the command line to see if you're logged in:

    $ sudo setkey -D

    Which will print out your tunnel status. If it comes back empty, you're not connected. If you see two tunnels, you're good to go. (the GUI will reflect this as well)

    I just tested it again on my Panther box, and it works OK. As an aside, you can also ask your network admin if they support PPTP. The bluesocket box has PPTP support, and is compatible with Jaguar and Panther's PPTP client.

    Thanks!
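
The `setkey -D` check from the comment above, as an added example that is not part of the original post or of Bluesocket's software. The function names are hypothetical, the sample dump is constructed (documentation-range addresses, trimmed to the lines the script reads), and reading "two tunnels" as one mature SA in each direction is an assumption.

```shell
#!/bin/sh
# Added example: classify a `setkey -D` SAD dump read on stdin.
# Prints "up" (mature SAs in both directions), "partial" (some mature SA,
# but no matching reverse SA) or "down" (no mature SA at all).
# Function names are hypothetical; the sample dump below is constructed.

tunnel_status() {
    awk '
        # Unindented line: a two-field "src dst" header starts one SA entry.
        /^[^ \t]/ {
            src = ""
            if (NF == 2) { src = $1; dst = $2 }
            next
        }
        # Indented detail line that carries the SA state.
        /state=mature/ && src != "" { seen[src ">" dst] = 1; n++ }
        END {
            status = (n > 0) ? "partial" : "down"
            for (k in seen) {
                split(k, p, ">")
                if ((p[2] ">" p[1]) in seen) status = "up"
            }
            print status
        }'
}

# Constructed sample: one ESP tunnel-mode SA in each direction.
sample_up() {
    cat <<'EOF'
192.0.2.10 198.51.100.1 
	esp mode=tunnel spi=19088743(0x01234567) reqid=0(0x00000000)
	seq=0x00000000 replay=4 flags=0x00000000 state=mature 
198.51.100.1 192.0.2.10 
	esp mode=tunnel spi=2271560481(0x87654321) reqid=0(0x00000000)
	seq=0x00000000 replay=4 flags=0x00000000 state=mature 
EOF
}

echo "both SAs present: $(sample_up | tunnel_status)"
echo "empty SAD:        $(printf 'No SAD entries.\n' | tunnel_status)"
# On the Mac itself: sudo setkey -D | tunnel_status
```

A "partial" result (an SA in one direction only, or SAs stuck in a non-mature state) usually points at a negotiation mismatch, which is where the exact gateway configuration from the network admins matters.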

  7. VaporSec by cpct0 · · Score: 5, Informative

    I don't have experience with the other IPSec frontends...

    But I can tell you that Vaporsec works well (http://afp548.com) -- oh and don't download the Jaguar version on the site, download the version in the forums (the major difference between the two is a few applescript bugs of no consequence, but it's nice to have a bug-free system).

    And I suggest you ask your admins for the PRECISE configuration, it's not really easy to implement.

    Mike

  8. Re:Good luck by caseih · · Score: 4, Informative

    Cisco's VPN client is very much Panther compatible. I use it every day. Just make sure you have the latest version (version 4.something I believe).

  9. IPSecuritas by wangooroo · · Score: 4, Informative

    I use IPsecuritas v 1.0.3 (http://www.lobotomo.com). It works with Panther's built-in IPSec "racoon", which is a command line tool. man racoon for more info. IPSecuritas works great and it's FREE.

  10. IPSecuritas by mikeoreilly · · Score: 4, Informative

    Check out IPsecuritas:
    http://www.apple.com/downloads/macosx/networking_security/ipsecuritas.html

    It has connected to every VPN endpoint/router that I have tried to connect to, with the exception of point to multipoint access. VPN Tracker had to release a new racoon binary to get point to multipoint to work. (This is only an issue if you must connect from a fixed IP address and almost no one does this anymore.)

    The racoon IPSec stack in OSX is based on the kame (kame.org) project. See afp548.com for a writeup on how to get the whole thing working via the command line.

    Remember, IPSecuritas is just a GUI for something already built in to OSX.