IPsec on Mac OS X Panther?

ItsMr.Data wants to take a bite out of this issue: "I just got a new PowerBook with Airport. I wish to use it in the wireless network at the university I attend. The problem is that the university uses BlueSocket to secure the WIFI connections. The BlueSocket gateway is configured for IPsec tunnels. The client tool that BlueSocket provides does not work properly under Panther. I was told by the network department that it would be up to me to find a solution until BlueSocket comes out with an updated client. Being a poor college student, I would like to find a cheap or free solution. I have never worked with VPNs or IPsec. Do any Slashdot readers have any good ideas?"

Internet Connect

[CptChipJew]

Can't you use the Internet Connect application that ships with OS X to make an IPSec connection to their VPN? That's how I connect to my school's.

First post?

Poor?

[avalys]

A new Powerbook? I wish I was a poor college student.

Re:Poor?

[Mariani]

Poor after buying a Powerbook.

Re:IPSec should work fine; need config info

[kerry-buckley]

my biggest bit of advice is find some friendly, knowledgeable admin, find out what she likes to drink, and buy her lots of it.

And hope she doesn't hit you when you admit that you only got her drunk "because you wanted to find out how her tunnel was configured".

unfortunately

[austad]

The IPSec VPN software that is built into panther is missing a lot of features that would make it actually useful. It does not support NAT Traversal, so you can't use it from behind a firewall or NAT device. It does not support XAUTH, which I assume is what your school is using to authenticate you.

You may be able to use the Cisco VPN client though. The GUI for OSX is fairly unconfigurable, but you can edit the .pcf files that describe the connection manually. Cisco has docs on their site of what each line does. I use the Cisco client under OSX to connect to my Netscreen box at home, and I use it for work too. Although, the Netscreen required messing with the .pcf file.

Re:unfortunately

[azpcox]

Although the IPSec VPN client doesn't support NAT traversal, if you have a Linksys or something similar, they have an item called IPSec pass through which will do the NAT (technically there is no port associated with ESP traffic) for you to a single device. The UDP/500 traffic has no problem, just the ESP/AH traffic in certain instances.

Panther Compatibility for Bluesocket IPSec tool

Hello,

I'm the software engineer responsible for the Mac client for Bluesocket. The client software *should* work with Panther. The client software isn't really client software, however, its just a frontend to the built-in IPSec support that was first made available in 10.2.

If you're having trouble, you can try emailing support@bluesocket.com. Because it is just a frontend to the built-in support, you can try this on the command line to see if you're logged in:

$ sudo setkey -D

Which will print out your tunnel status. If it comes back empty, you're not connected. If you see two tunnels, you're good to go. (the GUI will reflect this as well)

I just tested it again on my Panther box, and it works OK. As an aside, you can also ask your network admin if they support PPTP. The bluesocket box has PPTP support, and is compatible with Jaguar and Panther's PPTP client.

Thanks!

VaporSec

[cpct0]

I don't have experiece with the other IPSec frontends...

But I can tell you that Vaporsec works well (http://afp548.com) -- oh and don't download the Jaguar version on the site, download the version in the forums (The major difference between the two are a few applescript bugs of no consequence, but it's nice to have a bug-free system.

And I suggest you ask your admins for the PRECISE configuration, it's not really easy to implement.

Mike