What kind of VPN does Panther use?
Summary
Mac OS X 10.3 or later includes a built-in virtual private network (VPN) feature. It uses IPSec with PPP/L2TP, not pure IPSec. So if you try to connect to a plain vanilla IPSec server, the attempt will fail, and your system.log might contain something like this:
localhost racoon: ERROR: isakmp_inf.c:848:isakmp_info_recv_n(): unknown notify message, no phase2 handle found.
localhost pppd[521]: L2TP cannot connect to the server
The VPN server may report in its log:
IKE Responder: IPSec proposal does not match (Phase 2)
IKE Responder: Mode 2 - not tunnel mode
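The following added example, which is not part of the original article, checks the log lines from one connection attempt for the client and server messages quoted above. The sample lines' timestamps, the verdict names and the function name are assumptions constructed for illustration.

```python
import re

# Message fragments are the ones quoted in this article; the timestamps,
# verdict names and function name are constructed for this example.
CLIENT_IKE = re.compile(r"racoon.*isakmp_info_recv_n\(\): unknown notify message, "
                        r"no phase2 handle found")
CLIENT_L2TP = re.compile(r"pppd\[\d+\]: L2TP cannot connect to the server")
SERVER_P2 = re.compile(r"IPSec proposal does not match \(Phase 2\)")
SERVER_MODE = re.compile(r"Mode \d+ - not tunnel mode")

SAMPLE_CLIENT = [  # constructed sample, system.log style
    "Jan  5 10:14:02 localhost racoon: ERROR: isakmp_inf.c:848:isakmp_info_recv_n(): "
    "unknown notify message, no phase2 handle found.",
    "Jan  5 10:14:22 localhost pppd[521]: L2TP cannot connect to the server",
]
SAMPLE_SERVER = [  # constructed sample, messages as quoted above
    "IKE Responder: IPSec proposal does not match (Phase 2)",
    "IKE Responder: Mode 2 - not tunnel mode",
]


def diagnose(client_lines, server_lines=()):
    """Return (verdict, evidence) for the log lines of one connection attempt."""
    evidence, ike_seen, client_hit = [], False, False
    for line in client_lines:
        if CLIENT_IKE.search(line):
            ike_seen = True
            evidence.append(("client", line.strip()))
        elif CLIENT_L2TP.search(line):
            evidence.append(("client", line.strip()))
            # A pppd failure alone may be a plain network fault; it only counts
            # when racoon logged the notify error earlier in the same attempt.
            client_hit = client_hit or ike_seen
    server_hits = [l.strip() for l in server_lines
                   if SERVER_P2.search(l) or SERVER_MODE.search(l)]
    evidence.extend(("server", l) for l in server_hits)
    if client_hit and any(SERVER_MODE.search(l) for l in server_hits):
        verdict = "mode-mismatch-confirmed"   # both ends show the signature
    elif client_hit or server_hits:
        verdict = "mode-mismatch-likely"      # one end only
    elif evidence:
        verdict = "inconclusive"              # a lone racoon or pppd line
    else:
        verdict = "no-signature"
    return verdict, evidence


if __name__ == "__main__":
    print(diagnose(SAMPLE_CLIENT, SAMPLE_SERVER)[0])
```

A "confirmed" or "likely" verdict means the server expects tunnel mode while the built-in client is offering PPP/L2TP over IPSec.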
Products Affected
Mac OS X 10.3
So why would we do this? Pure IPSec provides user authentication or configuration of the client machine only through protocols that are either proprietary or defined by long-expired IETF drafts, which are not standards. Using PPP/L2TP over IPSec is the only "standard" way of doing remote access with user authentication and IP address assignment over IPSec at this time.
If this is an issue for you, here are some possible solutions:
- Configure the VPN server to use PPP/L2TP over IPSec transport mode, or
- Use third-party VPN client software that supports the proprietary protocols, or
- Use a third-party UI to configure Mac OS X IPSec for tunnel mode, which will have no user authentication or configuration for the client machine. For example:
IPSecuritas
http://www.apple.com/downloads/macosx/networking_security/ipsecuritas.html
VPN Tracker
http://www.apple.com/downloads/macosx/networking_security/vpntracker.html