[Openswan dev] nat-t openswan interop problem Win2003
Michael Richardson
mcr at sandelman.ottawa.on.ca
Tue Jan 3 11:24:31 CET 2006
>>>>> "Jacco" == Jacco de Leeuw <jacco2 at dds.nl> writes:

Jacco> Windows Server 2003 does not support the draft-02 vendorid without
Jacco> the extra newline character. If you modify Openswan to send both
Jacco> vendorids (the ones with and without the newline) then the NAT-T
Jacco> negotiation will continue.

Sigh. Stupid MS.
Can't they issue a patch faster than that? draft-02 is probably close to
three years old!

Jacco> Ignoring the Commit flag, ISAKMP_NEXT_HASH and
Jacco> INVALID_PAYLOAD_TYPE errors for the moment, could it be a bug in
Jacco> Win2003 where it always uses a client ID consisting of the
Jacco> external IP address of the NAT router?

Well, if you think about it, the client *CAN'T* know the external IP.
It's a bug in Openswan. We have preliminary patches, but they won't be
released yet.

--
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
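
Added example, not part of the original message and not Openswan code: the two draft-02 vendor IDs discussed above, and a check of which ones a peer's Vendor ID payloads advertise. It assumes each NAT-T vendor ID is the MD5 hash of the draft name string (with or without the trailing newline); the function names and the sample payload chain are constructed for illustration.

```python
import hashlib
import struct

ISAKMP_NEXT_NONE = 0
ISAKMP_NEXT_VID = 13  # Vendor ID payload type (RFC 2408)

# Assumption: a NAT-T vendor ID is the MD5 hash of the draft name. draft-02
# exists in two variants, hashed with and without a trailing newline.
NATT_VIDS = {
    hashlib.md5(b"draft-ietf-ipsec-nat-t-ike-02").digest(): "draft-02",
    hashlib.md5(b"draft-ietf-ipsec-nat-t-ike-02\n").digest(): "draft-02 (newline)",
}

def vid_payload(data, next_payload):
    """Generic ISAKMP payload: next payload, reserved, length, then body."""
    return struct.pack("!BBH", next_payload, 0, 4 + len(data)) + data

def natt_variants(first_type, buf):
    """Walk a payload chain and return the NAT-T draft-02 variants offered."""
    found, ptype, off = [], first_type, 0
    while ptype != ISAKMP_NEXT_NONE:
        if off + 4 > len(buf):
            raise ValueError("truncated payload header")
        nxt, _reserved, length = struct.unpack_from("!BBH", buf, off)
        if length < 4 or off + length > len(buf):
            raise ValueError("bad payload length")
        body = buf[off + 4:off + length]
        if ptype == ISAKMP_NEXT_VID and body in NATT_VIDS:
            found.append(NATT_VIDS[body])
        ptype, off = nxt, off + length
    return found

def offer(vids):
    """Constructed sample: chain the given vendor IDs into one payload list."""
    out = b""
    for i, vid in enumerate(vids):
        last = i == len(vids) - 1
        out += vid_payload(vid, ISAKMP_NEXT_NONE if last else ISAKMP_NEXT_VID)
    return out

if __name__ == "__main__":
    # A sender offering both variants, as suggested in the thread.
    for vid, name in NATT_VIDS.items():
        print(name, vid.hex())
    print(natt_variants(ISAKMP_NEXT_VID, offer(list(NATT_VIDS))))
```
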