Rogierm's Blog » mac

Cisco IPSec VPN with certificates in OSX Lion

admin — Mon, 31 Oct 2011 13:13:43 +0000

Since the Cisco VPN client does not work under OSX Lion anymore there was no easy way to connect with certificate authentication. It took some time but I managed to get it working under Lion with the build in VPN Client. Find the steps below to get the certificates imported and working with the VPN Client.

Create key: openssl genrsa -des3 -out vpn-cert2.key 1024
Create CSR (make sure that the CN is a simple name, no spaces or special characters): openssl req -new -key vpn-cert2.key -out vpn-cert2.csr
Request certificate with your CA
Create a p12 file from the key and the certificate: openssl pkcs12 -export -inkey vpn-cert2.key -in certnew-3.cer -out vpn.p12
Import the p12 file (containing the key and certificate) in the system keychain (not the login keychain, that doesn’t work): sudo security import vpn.p12 -k /Library/Keychains/System.keychain
If needed you can import the CA in your keychain and trust the imported certificate: sudo security add-trusted-cert -k /Library/Keychains/System.keychain root.ca.pem
Note:Make sure that if you import your own CA, that you do it this way. Otherwise the VPN server certificate will not be verified correctly.

To use the certificate for VPN authentication do the following:

Open System Preferences
Go to Network
Click + to add network interface, Select Interface: VPN, VPN Type: Cisco IPSec
Click Create
In the Server Address type the hostname of the firewall. This is really important. The firewall has a certificate configured on the FQDN. Make sure the server address is the name of the certificate in the firewall. This FQDN can be found in the trustpoint configuration (see below)
Enter the username
Click Authentication Settings
Select Certificate and Click Select
Select the correct certificate that you just imported
Click OK
Click Apply

When you are not able to select the certificate you created the problem is that the CN is not supported. Make sure the CN that you used to create the CSR does not contain spaces or special characters.

Firewall trustpoint config:
crypto ca trustpoint CA1 enrollment terminal fqdn fw.xxxx.com subject-name CN=fw.xxxx.com,OU=IT,O=XXX Limited,C=NL,St=NH,L=Amsterdam

How to eject CD in Mac OSX from command line

admin — Mon, 05 Apr 2010 21:34:09 +0000

Open Terminal
Enter the following command:$ drutil eject

Keeping two iTunes libraries in sync

admin — Sun, 27 Dec 2009 20:58:01 +0000

I use a MacBook Pro for daily use and have a Mac Mini as my media center. While iTunes has a lot of great functions (I love Genius), it does not have a simple way to have to standalone iTunes libraries and sync songs between the two. Sure you can share the music while you’re on the same LAN, or over the Internet (eg. http://www.simplifymedia.com/index.html), it does not have a simple function to synchronize a library between two computers. The following article describes how to use rsync to keep two libraries exactly the same.

http://guides.macrumors.com/Keeping_2_iTunes_Libraries_in_Sync

I found a second way to synchronize the songs that were missing on the iTunes library on my MacMini from the iTunes library on my MacBook. I used the following steps:

Share the iTunes folder on the source (/Users/username/Music/iTunes)
Mount the iTunes folder on the destination
Open iTunes and select the ‘Add to Library’ option
Select the mounted iTunes folder

iTunes now automatically selects the missing songs and add them locally to the library. This may take some time.