OK, here's the scoop.

Mac OS X 10.2 has built-in support for IPSec VPN. It is based on exactly the same IPSec code that we use in GTA's firewall products (good news). The biggest problem for most people is there isn't a GUI provided by Apple. If you're a Unix guy it is easy. I started writing a GUI front end but really didn't have the time. The alternative is/was to purchase VPNTracker for $100 from Equinox. But that was until IPSecuritas, a nice frontend written by Christoph Nadig. I worked some with Christoph and gave him some pointers on how to make IPSecuritas more flexible (and to support GTA's firewalls). So now IPSecuritas 1.0.1 is available and it works quite well with GTA's firewalls. The best part of all this is Christoph is determined to make sure that IPSecuritas is FREE.

So download IPSecuritas 1.0.1 at http://www.lobotomo.com

The installation is simple (disk image mount and drag the application to your disk). The settings are similar to the mobile client settings described in GTA's VPN guide. I haven't written a document (with pictures) on how to set it up for GTA's firewalls yet. But I plan to very soon.

Quick setup.

1. Start IPSecuritas
2. Click on the New button to create a new connection definition.
3. Name your connection
4. General Tab
   Remote IPSec Device: IP address of your GB external NIC
   Remote Network: Network address of your Protected network. (select the bits for your network, 24 for a Class C)
   Local Network Mask: 32 for a single host
   Preshared Secret: your pre-shared key
   Exchange Mode: Aggressive
   Proposal Check: Claim
   Nonce Size: 16
5. Phase 1 Tab
   Lifetime: 28800
   DH Group: Mod1024(2)
   Encryption: 3DES
   Authentication: SHA1
6. Phase 2 Tab
   Lifetime: 3600
   PFS Group: Mod1024 (2)
   Encryption: 3DES is what PC mobile clients use; however, I use Rijndael (AES) because it is faster and requires less CPU. This means you'll have to have a different VPN definition than your PC mobile clients. If you don't want to have two definitions for mobile clients then stick with 3DES.
   Authentication: HMAC-SHA1
7. Options
   I just have the following checked:
   SIT_IDENTITY_ONLY
   INITIAL-CONTACT
   Compression
   Local Identifier: click the empty text box and put in your identifier, which is generally your email address (i.e. [EMAIL PROTECTED])
   Remote Identifier: Address
8. Click OK
9. Make sure your definition is selected and then click "Start IPSec". After a short while you'll see the IPSec is started. Launch a ping at an IP address behind the firewall and it should work.

Remember you'll need to set up the GTA firewall just like you would for a Windows mobile client.

Good luck.

Paul

On Thursday, September 25, 2003 at 05:09, Andrew Gray wrote:

>Has anyone documented the configuration of Mac OS X IPsec VPN for
>connection to a GNATBox?
>
>Is this OS X IPsec VPN capable of Mobile IPsec VPN connection to a
>GNATBox?
>
>I found this gb-user posting from Paul Emerson back in January 2003 from
>a mail archive which suggested it would be documented?
>
>Regards
>
>--
>Andrew Gray <[EMAIL PROTECTED]>
>Linnet Solutions Ltd
>PGP/GPG Key:www.linnetsol.co.uk/andyg.gpg

--
Paul Emerson
Global Technology Associates, Inc.
http://www.gta.com/
Tel: +1.407.380.0220
Fax: +1.407.380.6080
Mob: +1.407.617.7818
Email: [EMAIL PROTECTED]
AIM: pje1gta
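For readers setting the tunnel up by hand instead of through the GUI, the values from the quick setup map onto a racoon.conf roughly as follows. This is an added example, not part of the original post and not IPSecuritas output; it assumes the KAME racoon daemon, and the addresses, identifier and key-file path are placeholders. The matching SPD entries (loaded with setkey) are not shown.

```conf
# Added illustration: quick-setup values expressed as racoon.conf (assumed daemon: KAME racoon).
# Placeholders (not from the post):
#   203.0.113.1      external address of the firewall ("Remote IPSec Device")
#   192.168.1.0/24   protected network behind it ("Remote Network", 24 bits)
#   198.51.100.10/32 this client ("Local Network Mask: 32")
#   user@example.com local identifier
#   /etc/racoon/psk.txt  file holding "203.0.113.1 <pre-shared key>", mode 0600

path pre_shared_key "/etc/racoon/psk.txt";

remote 203.0.113.1 {
    exchange_mode aggressive;            # General tab: Exchange Mode
    doi ipsec_doi;
    situation identity_only;             # Options: SIT_IDENTITY_ONLY
    my_identifier user_fqdn "user@example.com";   # Options: Local Identifier
    peers_identifier address;            # Options: Remote Identifier
    initial_contact on;                  # Options: INITIAL-CONTACT
    proposal_check claim;                # General tab: Proposal Check
    nonce_size 16;                       # General tab: Nonce Size

    proposal {                           # Phase 1 tab
        lifetime time 28800 sec;
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 2;                      # Mod1024 (2)
    }
}

# Phase 2 tab: local host <-> protected network
sainfo address 198.51.100.10/32 any address 192.168.1.0/24 any {
    pfs_group 2;                         # Mod1024 (2)
    lifetime time 3600 sec;
    encryption_algorithm 3des;           # or rijndael, if the firewall-side definition uses AES
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;       # Options: Compression
}
```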
