Password not set on OSX 10.11

[vldgeorgiev]

Hi

I was testing the latest Sierra branch cefc8934057e32c463a4a3bd6b112c66149acfda on 10.11 and it doesn't set the password for L2TP/IpSec connections. My idea was to get the latest commit so it would work on 10.9 to 10.12(beta).

It seems that the service = ... change in VPNKeychange.m is the problem

+ (int) createPasswordKeyChainItem:(NSString*)label forService:(NSString*)service withAccount:(NSString*)account andPassword:(NSString*)password {
  service = [NSString stringWithFormat:@"%@.XAUTH", service];

I'm not very familiar with the internals of the keychain data. Did the format change in Sierra? Looking at the Keychain app, the passwords are there, but are shown with type "PPP password" and when connecting the VPN it asks for a password. If I comment that line out the type becomes "VPN password" and it works. I don't have 10.12 to test with it unfortunately.

Best Vladimir

[halo]

Hi

Hi! Thank you for getting in touch. Feedback is always much appreciated :)

I was testing the latest Sierra branch cefc893 on 10.11

I didn't know, that macosvpn 0.3.0 works on El Capitan at all. I thought that the Swift code I used was not backwards-compatible.

Is there a problem with using version 0.2.1? https://github.com/halo/macosvpn/releases

Did the format change in Sierra?

I thought it did, but right now I'm not so sure any more.

The way I test this is by creating a VPN manually via the System Preferences and then looking it up with this command:

 security dump-keychain -a /Library/Keychains/System.keychain 

For some reason, I believed that XAUTH was added in Sierra. But Now I cannot find it anymore when I create a L2TP manually.

I don't have 10.12 to test with it unfortunately.

And I don't have a macOS 10.11 to test with unfortunately :)

Let me know if macosvpn 0.2.1 works for you. I don't think I will support El Capitan in 0.3.0 any more. Because 0.2.1 should work pretty stable.

(See also https://github.com/halo/macosvpn/issues/21)

[vldgeorgiev]

I had the impression that 0.2.1 will not work in Sierra, so I got the latest branch for testing. Actually I admit I planned to reuse parts of the code and not the whole tool. 0.2.1 works and sets the password properly.

Except for the password issue 0.3.0 is also working well. Swift should not work below 10.9 AFAIK. If you use code that is not backwards compatible, I haven't stumbled into it yet :)

I saw #21 and this led me to believe that the previous release version will not work on Sierra.

[halo]

I had the impression that 0.2.1 will not work in Sierra, so I got the latest branch for testing.

That's true, I should be merging it, but wanted to clean up the code first. I guess I will merge it into master and then clean up later™️.

Actually I admit I planned to reuse parts of the code and not the whole tool.

That's perfectly fine, just rip out whatever you may need. I'm glad you find it useful.

Except for the password issue 0.3.0 is also working well.

OK, well then I suppose I will remove that line, merge it all into master and have a 0.3.1 pre-release candidate. Unfortunately the tests didn't really catch that error, because it only shows up during manual testing.

So, thank you for your time testing! :)

[vldgeorgiev]

You are welcome :) As for the testing, I haven't tried the Cisco configs so I can't verify that part.

[halo]

Would you mind giving latest master a try on El Capitan concerning L2TP?

At the moment, I'm only concerned with making this work on Sierra. I believe it does so at the moment. That's what my manual testing and my specs say. If El Capitan works reasonably well, I'll be happy.

[vldgeorgiev]

Just tested it with an L2TP connection on El Capitan and it created it properly, including the password.

[halo]