

This page provides information on interoperability between OS X and Linux machines. For interoperability between OS X and Windows, see here.

Linux and OS X Filesystems

OS X can mount (as read-only) Linux ext2 filesystems with the free utility ExtFSManager.

Linux can mount (as read-only) OS X HFS+ filesystems if the appropriate kernel module is loaded.

File Sharing with Samba

Printer Sharing with Samba

VPN Between Mac and Linux Machines

Natively, OS X supports Virtual Private Networks (VPNs) using L2TP over IPsec. However, Linux is typically configured for straight IPsec, and requires additional steps to enable L2TP. This description allows the Mac to be configured to run a straight IPsec VPN, without the added overhead of L2TP.

A transport mode VPN is described, in which all of the participating hosts are on the same LAN. This is useful for wireless networks, since the original wireless encryption protocol (WEP) is very weak, and even the more secure WPA has reportedly been partially cracked. Tunnel mode, on the other hand, is typically used for connecting a remote machine to a LAN via the Internet; this configuration is also achievable in both OSes.

Configuring the VPN on OS X

Configuring a VPN on OS X

Configuring the VPN on Linux

Linux distributions typically use OpenSWAN for VPN implementation, while OS X uses racoon. These two systems share the same underlying protocol (IPsec) and can interoperate. Assuming a 2.6.x Linux kernel, the following is an example of a Linux ipsec.conf file. It is typically located at /etc/ipsec.conf, but this may vary from one distribution to another:

version 2.0     # conforms to second version of ipsec.conf specification

config setup
       forwardcontrol=yes
       interfaces=%defaultroute
       nat_traversal=no
       virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
       overridemtu=1400
       uniqueids=yes

# Add connections here

conn %default
       keyingtries=20
       rekey=no
       compress=yes
       disablearrivalcheck=no
       authby=secret

conn wireless
       type=transport
       left=%defaultroute
       right=%any
       esp=3des-sha1-96
       espenckey=0x0123_4567_89ab_cdef_0246_8ace_1357_9bdf_1234_5678_9abc_def0
       espauthkey=0x1234_5678_9abc_def0_2468_ace0_1357_9bdf
       spi=0x300
       auto=add
       pfs=yes

# Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf

The connection called "wireless" (any name will do) specifies a transport (as opposed to tunnel) connection. The choices for espenckey, espauthkey, and spi are arbitrary hexadecimal numbers.

The included file no_oe.conf is probably found in most distributions. If it is missing, the following will do:

conn block
   auto=ignore

conn private
   auto=ignore

conn private-or-clear
   auto=ignore

conn clear-or-private
   auto=ignore

conn clear
   auto=ignore

conn packetdefault
   auto=ignore

The line "authby=secret" tells OpenSWAN to use a secret key for authentication. The key is provided in the file /etc/ipsec.secrets, which should be accessible only by root and should contain a line of this form (replace the IP address with the IP address of the target Mac, and the string in quotes with some random string of characters):

%any 192.168.1.101 : PSK "ThisShouldBeACrypticString"

This file requires a line for each target machine. The secret string must also be configured on the target machine to match the string of the Linux machine.
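The two requirements above (root-only access and a random secret per target machine) can be checked mechanically. The following is an added example, not part of the original page or of OpenSWAN: the function names and the 20-character minimum are assumptions chosen for illustration, and the parser handles only PSK lines of the form shown above.

```python
import os
import re
import secrets
import stat

# Matches lines of the form shown above:  %any 192.168.1.101 : PSK "secret"
PSK_LINE = re.compile(r'^\s*[^#"]*?\s*:\s*PSK\s+"(?P<psk>[^"]*)"\s*$')
PLACEHOLDER = "ThisShouldBeACrypticString"  # sample value from this page
MIN_PSK_LEN = 20                            # assumed threshold, not an OpenSWAN rule


def new_psk_line(peer_ip, local="%any"):
    """Build a secrets line with a random 256-bit PSK for one target machine."""
    return f'{local} {peer_ip} : PSK "{secrets.token_urlsafe(32)}"'


def audit_secrets(path, expected_uid=0):
    """Return a list of findings for an ipsec.secrets-style file."""
    findings = []
    st = os.stat(path)
    if st.st_uid != expected_uid:
        findings.append(f"owner uid is {st.st_uid}, expected {expected_uid}")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {stat.S_IMODE(st.st_mode):04o} grants group/other access")
    with open(path, encoding="utf-8") as fh:
        for lineno, line in enumerate(fh, 1):
            m = PSK_LINE.match(line)
            if not m:
                continue  # comments, blank lines, non-PSK entries
            psk = m.group("psk")
            if psk == PLACEHOLDER:
                findings.append(f"line {lineno}: PSK is the documentation placeholder")
            elif len(psk) < MIN_PSK_LEN:
                findings.append(f"line {lineno}: PSK shorter than {MIN_PSK_LEN} characters")
    return findings


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "/etc/ipsec.secrets"
    for finding in audit_secrets(target):
        print(finding)
```

The same secret string printed by new_psk_line must then be entered on the target Mac, as described above.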

Nate Carlson's web site has more helpful information, including setting up certificates (an alternative to the use of secret keys, not necessary but preferable when more than two or three machines are involved in the VPN).

The init files of the Linux machine should be configured to start the ipsec process automatically on booting.
