Fixing Apple's L2TP/IPSec

kasei1

macrumors newbie
Original poster
Nov 2, 2010
Hi!

Since Mac OS X makes a lot of trouble when it comes to connecting to non-Mac L2TP/IPSec servers, and I still wanted to maintain the default VPN interface (instead of configuring the VPN with config files), I fixed Apple's L2TP/IPSec implementation for Snow Leopard. This version connects perfectly to a Windows Server 2008.

What is fixed?
- Use the standard port 1701 on the client side for outgoing connections.
- Fix retrieving PSKs from the Keychain.

Instructions:
Download the zip file.
L2TP goes to /System/Library/Extensions/L2TP.ppp/Contents/MacOS/ (fix the access rights if necessary)
racoon goes to /usr/sbin/

What did I change?
In http://www.opensource.apple.com/source/ppp/ppp-412.3/Drivers/L2TP/L2TP-plugin/main.c

replaced
Code:
our_address.sin_port = htons(opt_udpport);
with
Code:
our_address.sin_port = htons(L2TP_UDP_PORT);
replaced
Code:
our_address.sin_port = htons(0);
with
Code:
our_address.sin_port = htons(L2TP_UDP_PORT);
Although this could be fixed better by Apple in their non OS source.

In http://www.opensource.apple.com/source/ipsec/ipsec-93.8/ipsec-tools/racoon/localconf.c

replaced
Code:
key = vmalloc(cur_password_len + 1);
with
Code:
key = vmalloc(cur_password_len);
removed
Code:
key->v[cur_password_len] = 0;
Somebody must have thought the ipsec key is a 0-terminated string, which leads to the error that pre-shared keys won't be read correctly from the keychain. Apple, please implement this fix as it is ;).

Have Fun!

If you appreciate my work just leave me a post :)
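
The localconf.c change described above, as an added example that is not part of the original post and is not racoon's code: it shows what each allocation leaves in a length-carrying key buffer, and goes one step further by using a secret with an embedded 0x00 byte. The `keybuf_t` type, the function names and the sample secret are hypothetical and constructed for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Length-carrying buffer modelled on racoon's vchar_t (l = length, v = bytes).
 * Every name here is hypothetical; this is not racoon code. */
typedef struct { size_t l; unsigned char *v; } keybuf_t;

/* Constructed sample secret with an embedded 0x00, as binary keys can have. */
static const unsigned char SAMPLE_PSK[] = { 's', '3', 'c', 0x00, 'r', '3', 't' };

static keybuf_t *keybuf_alloc(size_t len) {
    keybuf_t *k = malloc(sizeof *k);
    if (k == NULL) return NULL;
    k->l = len;
    k->v = calloc(len ? len : 1, 1);
    if (k->v == NULL) { free(k); return NULL; }
    return k;
}

/* "Before" shape: room for a terminator, so the key is pw_len + 1 bytes. */
keybuf_t *load_psk_before(const void *pw, size_t pw_len) {
    keybuf_t *k = keybuf_alloc(pw_len + 1);
    if (k == NULL) return NULL;
    memcpy(k->v, pw, pw_len);
    k->v[pw_len] = 0; /* the terminator is now counted as key material */
    return k;
}

/* "After" shape: exactly the bytes that were stored. */
keybuf_t *load_psk_after(const void *pw, size_t pw_len) {
    keybuf_t *k = keybuf_alloc(pw_len);
    if (k == NULL) return NULL;
    memcpy(k->v, pw, pw_len);
    return k;
}

/* Length-aware comparison with no early exit on the first differing byte. */
int keybuf_equal(const keybuf_t *a, const void *b, size_t b_len) {
    const unsigned char *p = b;
    unsigned char diff = 0;
    if (a->l != b_len) return 0;
    for (size_t i = 0; i < b_len; i++) diff |= a->v[i] ^ p[i];
    return diff == 0;
}

int main(void) { /* exits 0 when only the "after" buffer equals the secret */
    keybuf_t *a = load_psk_after(SAMPLE_PSK, sizeof SAMPLE_PSK);
    keybuf_t *b = load_psk_before(SAMPLE_PSK, sizeof SAMPLE_PSK);
    return (a && b && keybuf_equal(a, SAMPLE_PSK, sizeof SAMPLE_PSK) &&
            !keybuf_equal(b, SAMPLE_PSK, sizeof SAMPLE_PSK)) ? 0 : 1;
}
```

Treating the same secret as a C string fails in the other direction as well: `strlen` stops at the embedded 0x00 and reports 3 bytes instead of 7.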