[nycbug-talk] Connecting a MacOS X client to an isakmpd VPN
Brian A. Seklecki
lavalamp at spiritual-machines.org
Sat May 5 01:55:39 EDT 2007
One last remark about Cisco + OS/X
Watch out for using 169.254.0.0/16 for VPN pool space with the MacOS/X
client. At first you feel really cheeky having solved the world's RFC1918
black hole problem, then you realize that your mac clients are dead.
Apparently the Bonjour/Rendezvous/Zeroconf/mDNS crap depends on it; so
it's statically routed known as directly connected (link-local) to the
first configured ethernet address. It's not done in rc(8) where you can
disable it, either.
~BAS
On Fri, 4 May 2007, David Rio Deiros wrote:
> On Thu, May 03, 2007 at 04:36:07PM -0400, Brian A. Seklecki wrote:
>>
>> Bill Moran swears by OpenVPN; but I'm a fan of (somewhat) standards based
>> IPSec VPNs.
>>
>> Cisco splits the difference.
>>
>> .. and the licensing around the client is murky. But the client is readily
>> available to most. As long as you have one PIX or VPNC3k in your network,
>> then as far as I'm concerned, you can use the client.
>
> I am using cisco VPN software 4.9. We have a PIX at the office though.
> NAT traversal works fine as soon as there is only one client behind the
> NAT router.
l8*
-lava (Brian A. Seklecki - Pittsburgh, PA, USA)
http://www.spiritual-machines.org/
"...from back in the heady days when "helpdesk" meant nothing, "diskquota"
meant everything, and lives could be bought and sold for a couple of pages
of laser printout - and frequently were."