The MacOSX product feature list discusses interoperability between the MacOSX VPN client and Windows for PPTP and L2TP, so I've been trying to get this to work. I have a Windows Server 2003 RRAS that is configured, working, and with which WinXP desktops can successfully establish an L2TP session using certificates. I've successfully generated a machine certificate for the MacOSX client using Keychain Access's Certificate Assistant (I generated a signing request, signed in on my Windows CA) and imported it onto the System keychain along with the private key. I also imported my CA cert onto the X509Anchors keychain. The RRAS server certificate has the server hostname (FQDN) as the SubjectAltName extension, and I've used this to specify the VPN endpoint hostname in the MacOSX client L2TP definition. AFAICT, these are the right steps. When I try to initiate the VPN, a network sniff shows that communication indeed occurs between the client and the RRAS server, but the VPN never comes up. I figured how to enable verbose VPN logging on the MacOSX client, and from this I've found that the client & server actually do exchange certificate information. However, racoon appears to get two errors ('ID type mismatched' and 'ID value mismatched') during phase 1 of IKE negotiation immediately after the server's certificate is parsed. The only conclusion I've been able to reach so far is that the Windows 2003 RRAS certificate is somehow unpalatable to the MacOSX racoon, but I haven't been able to figure how to get this working. It's as if racoon somehow can't obtain the SubjectAltName from the server certificate. Since L2TP Windows/MacOSX interoperability is mentioned right out loud in the product feature list, then I'm boldly assuming that -someone- has done this at least once in the past. Oddly, though, I've found nothing in the discussion forums or in Google reporting actual success at this (L2TP, certificates, Windows 2003 RRAS with the MacOSX VPN client). Of course, I could resort to something like VPN Tracker, but I am not quite ready to give up on the MacOSX native VPN client yet. Has anyone else accomplished this? Can you refer me to any documents or other resources on what was done? I already opened a support call on my AppleCare certificate and was told that no help is available for what I'm doing - I was referred to this discussion forum.