Eugene,

Internal verification that it looks like there was regression on the VPN side of things.  Not a problem with any of the Smart Card Services components or your Tokend / PKC11 components.  

I’ll create a ticket in our system to reflect the status of the RADAR in Apple’s system.

-Shawn

On Mar 14, 2014, at 5:14 AM, Мироненко Евгений <mironenko@rutoken.ru> wrote:

Shawn,

Finally I've captured logs from PKCS11. tokend: see the file attached. 
I'd like to note, that there is no log activity during the selection of certificate in VPN client. 
Activity logged corresponds to viewing the certificates in the keychain and signing e-mail.

<Gemalto.TokenD.log>
Best regards,
Eugene Mironenko

12.03.2014, в 19:39, Shawn Geddis <geddis@me.com> написал(а):

On Mar 12, 2014, at 5:29 AM, Мироненко Евгений <mironenko@rutoken.ru> wrote:
- Shawn_____________________________________________________________________

Hello!

I'm using Gemalto Tokend to access the certificates on the token. On Mac OS X 10.8 the certificates on the token are accessible via Keychain Access, Mail utilities and built-in VPN client, but after updating to 10.9 I've got an issue that certificates on the token are not listed in built-in VPN client (when selecting authentication parameters) though they are visible in Keychain Access utility.

Is it a problem with Tokend used or Apple has just cut out tokend support from VPN client? Is there any workaround for the issue?

Best regards,
Eugene Mironenko

Eugene, 

Nothing has changed architecturally from the Apple side on Tokend or on the ability of any Apple services (ie. VPN) to utilize the Keychain APIs which is how they get access to Smart Cards supported with a Tokend.  Have you updated the Tokend for 10.9 using the updated installers posted ?  There was a security CVE addressed and implemented in the new updates as well.

Please capture logs before and during the transactions and submit with a ticket, so we can look into it.  We may uncover something from there.

-Shawn
_____________________________________________________________________
Shawn Geddis            geddis@{Mac | Me | iCloud}.com
Enterprise Security Consulting Engineer, Apple     geddis@apple.com

Smart Card Services  Project/Dev Lead:                                                                                 
Project Wiki:           [SmartCardServices.MacOSFforge.Org]
Mailing Lists:          [Lists.MacOSForge.Org/mailman/listinfo]
SCS Contact:            [scs-cotact@macosforge.org]
SCS Admin:            [scs-admin@macosforge.org]