[Openswan dev] Re: [Users] FreeSWAN on SuSE Linux and FreeBSD with racoon interoperate.

Michael Richardson mcr at sandelman.ottawa.on.ca
Thu Feb 26 18:27:23 CET 2004


-----BEGIN PGP SIGNED MESSAGE-----


>>>>> "Alexander" == Alexander Rusinov <alru at dreamtime.net> writes:
    >> really requires a recompile.  I have a hunch that the compression
    >> between KAME-like stacks and KLIPS do not interop. (And I think
    >> Michael concluded earlier that this is a KAME bug)

  Yes, if 26sec is operating in such a way as to accept the packets that
it creates, then it is likely that is possible for one client to forge
packets coming from another.

    Alexander> Can you, please, give a clue, how to turn this off on
    Alexander> SuSE linux? I didn't find CONFIG_IPSEC_IPCOMP in original
    Alexander> SuSE kernel source. I've downloaded source RPM for
    Alexander> FreeSWAN from here:

  Fixing pluto never to permit negotiation of IPCOMP ought to be enough.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr at xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys

iQCVAwUBQD6A2YqHRg3pndX9AQGrugQAg5uU8+RDBTUDy8ZSsFfTwJB8zqTR2rMt
HH5k9veoTQlmd3cvU+yGXBjvvxFGa6p2+meXLZ0iUVqenPSJIkkIcr5lW3cq/GGl
4Zhu1dAHHFn715VqCQn0AAMlQ5bbb5LzE+r0hNhECeFvmlRx+ZyRSePSm6nffEhD
fSwXta6ItIU=
=reCV
-----END PGP SIGNATURE-----


More information about the Dev mailing list