On Thu, Aug 03, 2006 at 01:20:13AM +0300, Bo Granlund wrote:
> Hi,
>
> I recently got a Mac Book from Apple with the latest and greatest
> Mac OS X installed on it. I have a setup where I connect the mac book
> to a wlan accesspoint which is connected to an openbsd 3.9-current
> machine which should provide connectivity to the Mac Book over an
> IPSec tunnel.
>
> I have looked at the ipsec howto at
> http://www.securityfocus.com/infocus/1859 . It says that everything
> should be nice and easy as long as both ipsec peers are OpenBSD but
> in this case one of the peers has to be a Mac OS X running racoon.
>
> The thing that baffles me the most is how do I generate a public
> key on the macosx box which could be copied into
> /etc/isakmpd/pubkeys/ipv4/x.x.x.x on the openbsd machine. And
> vice-versa, how do I generate a public key on the openbsd host
> that racoon somehow understands?
>
> The openbsd box is a 3.9-current (a few weeks old) and I have the
> following /etc/ipsec.conf:
> ike esp from 10.1.1.0/24 to 10.2.2.0/24 peer 10.10.10.160
> ike esp from 10.10.10.1 to 10.2.2.0/24 peer 10.10.10.160
> ike esp from 10.10.10.1 to 10.10.10.160
>
> How should the macos x side be configured? I've searched the
> archives for clues but haven't found anything useful yet. If
> somebody has ipsec working between an openbsd host and a macosx
> host, could you perhaps give me some hints?
Well, since you've gathered no other responses, here goes nothing...
At the very least, certificate-based authentication should work, as
should a preshared secret (PSK). You will probably want to let both
sides identify themselves with their IP address - in racoon,
'my_identifier' and 'peer_identifier' (IIRC, it's been a while).
However, this does not answer your real question, which is how to use
ssh-style public/private keys. I am afraid I can't help you there, and
Google does not give an answer immediately.
Good luck, racoon's configuration is quite arcane...
Joachim
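As an added illustration of the PSK route suggested above (this is not configuration from either post, just an example assembled from the addresses in the original question), here is what a matching pair of configurations looks like. The racoon keyword is spelled `peers_identifier`. The key string is a placeholder and must be replaced by a long random secret; the algorithm choices (AES, HMAC-SHA1, DH group 2/modp1024) are an assumption made so that both sides explicitly agree, and only the first of the three flows from the question is shown.

```conf
# --- OpenBSD side, /etc/ipsec.conf (loaded with: ipsecctl -f /etc/ipsec.conf) ---
# isakmpd identifies itself and the peer by IP address when srcid/dstid are
# omitted, so no pubkeys/ipv4/ entries are needed for a PSK exchange.
# Main mode and quick mode proposals are spelled out to match racoon exactly.
ike esp from 10.1.1.0/24 to 10.2.2.0/24 peer 10.10.10.160 main auth hmac-sha1 enc aes group modp1024 quick auth hmac-sha1 enc aes group modp1024 psk "CHANGEME-long-random-secret"

# --- Mac OS X side, /etc/racoon/racoon.conf ---
path pre_shared_key "/etc/racoon/psk.txt";

remote 10.10.10.1 {
        exchange_mode main;
        # both ends use their IP address as ISAKMP identity
        my_identifier address 10.10.10.160;
        peers_identifier address 10.10.10.1;
        verify_identifier on;
        proposal {
                encryption_algorithm aes;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group 2;                     # modp1024 on the OpenBSD side
        }
}

sainfo anonymous {
        pfs_group 2;                            # quick mode group modp1024
        encryption_algorithm aes;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
}

# --- Mac OS X side, /etc/racoon/psk.txt (mode 0600; racoon checks this) ---
# <peer identifier>   <secret>
10.10.10.1  CHANGEME-long-random-secret

# --- Mac OS X side, kernel policy loaded with setkey(8) ---
# racoon only negotiates SAs; the SPD entries tell the kernel which traffic
# must go through the tunnel and trigger the negotiation.
spdadd 10.2.2.0/24 10.1.1.0/24 any -P out ipsec esp/tunnel/10.10.10.160-10.10.10.1/require;
spdadd 10.1.1.0/24 10.2.2.0/24 any -P in  ipsec esp/tunnel/10.10.10.1-10.10.10.160/require;
```

The usual way to see what is going wrong is to run racoon in the foreground with debugging (`racoon -F -d`) on the Mac and `ipsecctl -sa` on the OpenBSD box; a main mode failure right after the identity payloads almost always means the identifiers or the PSK keyed on them do not agree on the two sides.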