Mac VPN to L2TP on IPSec Connection Issues
My company has implemented a VPN using Microsofts VPNs for Windows Server 2003. Recently theyve changed from PPTP to L2TP over IPSec. I have yet to be able to configure the Macintosh to use the new protocol VPN. It worked perfectly with PPTP. Included below is a link to the documentation on the VPN server that my company is using.
http://www.microsoft.com/vpn
Im trying to access this VPN on a Macintosh Running Tiger 10.4.2 using its built in VPN Client Software (Internet Connect). Here are the steps Ive taken thus far.
Opened the application Internet Connect.
Selected the New VPN Connection from the file menu.
Selected the radio button for L2TP over IPSec.
From the resulting window, selected Edit Configuration from the Configuration drop down list.
From the resulting configuration window, enter the following values:
Description: Dart VPN
Server Address: VPN's domain name
Account Name: my user id
Now, my company has supplied me with a certificate (VPNUserCert.pfx) and a certificate authority (dartca.cer). So using the application Keychain Access I did the following:
Selected the Import... menu item from the File menu.
From the resulting dialog box:
From the file chooser, selected the dartca.cer file.
From the Keychain: drop down list, selected X509Anchors.
Clicked on Open.
Entered my username (administrator) and password in the resulting Authenticate window.
Restarted application KeyChain Access.
Selected the Import... menu item from the File menu.
From the resulting dialog box:
From the file chooser, selected the VPNUserCert.pfx file.
From the Keychain: drop down list, selected login.
Clicked on Open.
Clicked on Okay from the resulting Authenicate window without entering a password, since the file is not password protected.
Now with the login keychain selected the MY COMANY NAME Employee certificate was visible. Selecting that certificate showed the following:

With the X509Anchors keychain selected the MY COMPANY NAME CA certificate authority was visible. Selecting it showed the following:

Returning to the application Internet Connect and continuing from Edit configuration window, I did the following:
User Authentication: checked the Certificate radio button.
From the resulting Select Certificate dialog box I chose (my only choice) MY COMPANY NAME Employee.
Clicked Okay to accept.
Since, my company doesnt provide a machine certificate or a shared secret I left that field blank
Choosing connect resulted in the following message in the console log and an error from Internet Connect saying, The connection has failed. Please verify your settings and try again.
===== Wednesday, September 14, 2005 1:41:37 PM America/Detroit =====
Sep 14 13:47:22 judah pppd[651]: L2TP: no user shared secret found.
It seems that Internet Connect either requires a Shared Secret or a Machine Certificate, but my company doesnt use either. Of course if I select certificate for Machine Authentication I get the following error message:
No machine certificates found
Certificate authentication cannot be used because your keychain does not contain any suitable certificates. Use Keychain Access to import the appropriate certificates into your keychain. If you do not have the certificates required for authentication, contact your network administrator.
From Windows XP running on Virtual PC 7.0.2 on this same Macintosh following the directions at the above URL I was able to setup a VPN Connection and connect to our companys VPN just fine. The difference being that it did not need a shared secret or a machine certificate, and that it required my User certificate and my domain password whereas in Internet Connect it required either a password or a user certificate but not both. Windows required both.
Has anyone been able to get the built in VPN client in Tiger to work using Layer
http://www.microsoft.com/vpn
Im trying to access this VPN on a Macintosh Running Tiger 10.4.2 using its built in VPN Client Software (Internet Connect). Here are the steps Ive taken thus far.
Opened the application Internet Connect.
Selected the New VPN Connection from the file menu.
Selected the radio button for L2TP over IPSec.
From the resulting window, selected Edit Configuration from the Configuration drop down list.
From the resulting configuration window, enter the following values:
Description: Dart VPN
Server Address: VPN's domain name
Account Name: my user id
Now, my company has supplied me with a certificate (VPNUserCert.pfx) and a certificate authority (dartca.cer). So using the application Keychain Access I did the following:
Selected the Import... menu item from the File menu.
From the resulting dialog box:
From the file chooser, selected the dartca.cer file.
From the Keychain: drop down list, selected X509Anchors.
Clicked on Open.
Entered my username (administrator) and password in the resulting Authenticate window.
Restarted application KeyChain Access.
Selected the Import... menu item from the File menu.
From the resulting dialog box:
From the file chooser, selected the VPNUserCert.pfx file.
From the Keychain: drop down list, selected login.
Clicked on Open.
Clicked on Okay from the resulting Authenicate window without entering a password, since the file is not password protected.
Now with the login keychain selected the MY COMANY NAME Employee certificate was visible. Selecting that certificate showed the following:

With the X509Anchors keychain selected the MY COMPANY NAME CA certificate authority was visible. Selecting it showed the following:

Returning to the application Internet Connect and continuing from Edit configuration window, I did the following:
User Authentication: checked the Certificate radio button.
From the resulting Select Certificate dialog box I chose (my only choice) MY COMPANY NAME Employee.
Clicked Okay to accept.
Since, my company doesnt provide a machine certificate or a shared secret I left that field blank
Choosing connect resulted in the following message in the console log and an error from Internet Connect saying, The connection has failed. Please verify your settings and try again.
===== Wednesday, September 14, 2005 1:41:37 PM America/Detroit =====
Sep 14 13:47:22 judah pppd[651]: L2TP: no user shared secret found.
It seems that Internet Connect either requires a Shared Secret or a Machine Certificate, but my company doesnt use either. Of course if I select certificate for Machine Authentication I get the following error message:
No machine certificates found
Certificate authentication cannot be used because your keychain does not contain any suitable certificates. Use Keychain Access to import the appropriate certificates into your keychain. If you do not have the certificates required for authentication, contact your network administrator.
From Windows XP running on Virtual PC 7.0.2 on this same Macintosh following the directions at the above URL I was able to setup a VPN Connection and connect to our companys VPN just fine. The difference being that it did not need a shared secret or a machine certificate, and that it required my User certificate and my domain password whereas in Internet Connect it required either a password or a user certificate but not both. Windows required both.
Has anyone been able to get the built in VPN client in Tiger to work using Layer
