[nycbug-talk] Connecting a MacOS X client to an isakmpd VPN

Brian A. Seklecki lavalamp at spiritual-machines.org
Sat May 5 01:55:39 EDT 2007

One last remark about Cisco + OS/X

Watch out for using for VPN pool space with the MacOS/X 
client.  At first you feel really cheeky having solved the world's RFC1918 
black hole problem, then you realize that your mac clients are dead.

Apparently the Bonjour/Rendezvous/Zeroconf/mDNS crap depends on it; so 
it's staticaly routed known as directly connected (link-local) to the 
first configured ethernet address.  It's not done in rc(8) where you can 
disable it, either.


On Fri, 4 May 2007, David Rio Deiros wrote:

> On Thu, May 03, 2007 at 04:36:07PM -0400, Brian A. Seklecki wrote:
>> Bill Moran swears by OpenVPN; but I'm a fan of (somewhat) standards based
>> IPSec VPNs.
>> Cisco splits the difference.
>> .. and the licensing around the client is murky. But the client is readily
>> available to most.  As long as you have one PIX or VPNC3k in your network,
>> then as far as I'm concerned, you can use the client.
> I am using cisco VPN software 4.9. We have a PIX at the office though.
> NAT travesal works fine as soon as there is only one client behind the
> NAT router.
> _______________________________________________
> % NYC*BUG talk mailing list
> http://lists.nycbug.org/mailman/listinfo/talk
> %Be sure to check out our Jobs and NYCBUG-announce lists
> %We meet the first Wednesday of the month

 	-lava (Brian A. Seklecki - Pittsburgh, PA, USA)

"...from back in the heady days when "helpdesk" meant nothing, "diskquota"
meant everything, and lives could be bought and sold for a couple of pages
of laser printout - and frequently were."

More information about the talk mailing list