![]() ![]() Apple presumably introduced code signing of kernel plugins for good reasons and, whilst many software vendors who ship older unsigned plugins are referencing the above as a short term fix (google the above command line!), you do this at your own risk. Having done this, I can confirm that IPSecuritas now works fine on Yosemite without having to disable NAT-T! You can revert to the previous behaviour by: sudo nvram boot-args="kext-dev-mode=1" Googling around Yosemite has become more picky about kernel extensions that it will load and now rejects unsigned files (probably quite a good idea, but not good for IPSecuritas). Nov 5 11:49:04 xxxxxxxx : ERROR: invalid signature for, will not load IPSecuritas VPN client Version 3.4 for MAC OS platforms from Lobotomo. In any case, even on my tame home network, which shouldn’t need NAT-T it just allowed me to pass traffic for one of the three tunnels at random.Ĭonfiguring any new IPSec environment always seems to consume half a day, and I like IPSecuritas so it was worth a bit of effort to get it working. Note: After 10 minutes of inactivity, the gateway automatically logs you out. I was sceptical about this as having to disable NAT-T is too broken. Googling around, it seems a few folks have hit this and the perceived wisdom seems to be to turn off NAT traversal on the tunnel options to get things working in Yosemite. ![]() Whilst it seems to work and establishes all of the SAs sucessfully via ISAKMP, it doesn’t then move any protected traffic. I’ve just upgraded my Mac Book to Yosemite and the only casualty I’ve found so far is the IPSecuritas IPSec VPN wrapper application. ![]()
0 Comments
Leave a Reply. |