<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Thanks. I saw a post from you from 2-3 weeks ago in which someone
mentioned a the issue and you mentioned it should be reported as a
bug. In particular, some implementations (broken though they are)
require the ability to specifically set the modp group for success.<br>
<br>
Cisco VPN client is one example. Older PIX hardware are another
example as I recall. If the first proposal is incorrect, they'll give
up and not try a 2nd or 3rd option. This is why I think being able to
set the proposal specifically for IKE is important. Then again, you
guys are far more experienced on this strange IPSec juju than I am.<br>
<br>
My incantations are rudimentary and simple at this point.... :)<br>
<br>
Cheers.<br>
<br>
<br>
Paul Wouters wrote:
<blockquote
cite="mid:alpine.LFD.1.10.0908110024580.2080@newtla.xelerance.com"
type="cite">On Mon, 10 Aug 2009, Diego Rivera wrote:
<br>
<br>
<blockquote type="cite">Not so jivin... nhelpers=0 did not help - I
still get the error. I'll wait for your patch though before
<br>
pursuing this further. Also, I tried to register myself so I could
file bug reports at
<br>
bugs.openswan.org with no success - no matter what I do I can't log
in. I realize this is probably not
<br>
the proper form for that but can you point me in the right direction?
<br>
</blockquote>
<br>
I approved the new users you created. I have not found the option in
redmine yet
<br>
to disable that verification step. (we migrated from mantis to redmine)
<br>
<br>
<blockquote type="cite">I found a bug in the way the "ike="
configuration is parsed - it doesn't allow specification of the DH
<br>
group (i.e. ike=3des-sha1;modp1024 causes pluto to fart badly, but
esp=3des-sha1;modp1024 works fine)
<br>
and I'd like to report it officially so it can be tracked.
<br>
</blockquote>
<br>
I need to verify with Michael what the exact goal of that change was.
It might be
<br>
that the modp group was only supposed to be specified with ESP and not
with IKE?
<br>
<br>
Paul
<br>
</blockquote>
<br>
<div class="moz-signature">-- <br>
<style type="text/css">
p { margin: 0; }
</style>
<div style="font-family: Arial; font-size: 10pt; color: rgb(0, 0, 0);">
<font size="1"> Diego Rivera<br>
Director / System Operations<br>
Roundbox Global : <span
style="font-style: italic; color: rgb(102, 102, 102);">enterprise :
technology : genius</span><br>
------------------------------------------------------------------------------------------------------------------<br>
Avenida 11 y Calle 7-9, Barrio Amón, San José, Costa Rica<br>
tel: +1 (404) 567-5000 ext. 2147 | cel: +(506) 8393-0772 | fax: +(506)
2258-3695<br>
email: <a href="mailto:diego.rivera@rbxglobal.com">diego.rivera@rbxglobal.com</a>
| <a href="http://www.rbxglobal.com">www.rbxglobal.com</a><br>
------------------------------------------------------------------------------------------------------------------<br>
</font> </div>
</div>
</body>
</html>