Fixing Apple's L2TP/IPSec

Discussion in 'Mac OS X Server, Xserve, and Networking' started by kasei1, Nov 2, 2010.

  1. kasei1 macrumors newbie

    Joined:
    Nov 2, 2010
    #1
    Hi!

    Since Mac OS X causes a lot of trouble when it comes to connecting to non-Mac L2TP/IPSec servers, and I still wanted to keep the default VPN interface (instead of configuring the VPN with config files), I fixed Apple's L2TP/IPSec implementation for Snow Leopard. This version connects perfectly to a Windows Server 2008.

    What is fixed?
    - Use the standard port 1701 on the client side for outgoing connections.
    - Fix retrieving PSKs from the Keychain.

    Instructions:
    Download the zip file.
    L2TP goes to /System/Library/Extensions/L2TP.ppp/Contents/MacOS/ (fix the access rights if necessary)
    racoon goes to /usr/sbin/

    What did I change?
    In http://www.opensource.apple.com/source/ppp/ppp-412.3/Drivers/L2TP/L2TP-plugin/main.c

    replaced
    Code:
    our_address.sin_port = htons(opt_udpport);
    with
    Code:
    our_address.sin_port = htons(L2TP_UDP_PORT);
    replaced
    Code:
    our_address.sin_port = htons(0);
    with
    Code:
    our_address.sin_port = htons(L2TP_UDP_PORT);
    Although this could be fixed better by Apple in their non OS source.

    In http://www.opensource.apple.com/source/ipsec/ipsec-93.8/ipsec-tools/racoon/localconf.c

    replaced
    Code:
    key = vmalloc(cur_password_len + 1);
    with
    Code:
    key = vmalloc(cur_password_len);
    removed
    Code:
    key->v[cur_password_len] = 0;
    Somebody must have thought the IPsec key is a 0-terminated string, which leads to the error that pre-shared keys won't be read correctly from the keychain. Apple, please implement this fix as it is ;).

    Have Fun!

    If you appreciate my work, just leave me a post :)
     
