[Openswan dev] standalone pluto + VPN client Aggressive mode + PSK + XAUTH

Michael Richardson mcr at sandelman.ottawa.on.ca
Fri Jul 9 13:01:12 CEST 2004 

-----BEGIN PGP SIGNED MESSAGE-----


>>>>> "Philippe" == Philippe Sultan <philippe.sultan at inria.fr> writes:
    Philippe> I have compiled pluto (openswan v1.0.6) without klips in
    Philippe> order to get a standalone ISAKMP stack and make it work
    Philippe> with a Cisco VPN client.

  Cisco VPN client? as in windows?
  they are locked to work with only Cisco equipment.

    Philippe> The first message from the client is processed through the
    Philippe> 'aggr_inI1_outR1()' function (Cisco client specifies a
    Philippe> wrong value for the packet size in the ISAKMP HDR, but I
    Philippe> think pluto should ignore this in my case), and after that
    Philippe> by find_host_connections() -> find_host_pair_connections()
    Philippe> -> find_host_pair().

    Philippe> These functions (found in connections.c) always returns
    Philippe> NULL which makes pluto discard the ISAKMP message.

    Philippe> In fact, the 'for' loop in the find_host_pair() is never
    Philippe> entered, because the static struct 'host_pairs' is set to
    Philippe> NULL (and p = host_pairs at loop initialization).

    Philippe> I would like to know when and how the host_pairs struct if
    Philippe> filled. Shouldn't it be initialized before we enter
    Philippe> find_host_pair()?

  Have you actually sat down and configured an openswan<->openswan
connection first? I.e. have you actually configured the openswan end
properly?

- --
]     "Elmo went to the wrong fundraiser" - The Simpson         |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr at xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys

iQCVAwUBQO7BR4qHRg3pndX9AQF52wQAkP7RtIKf+3uYdSH2bRV36VkjkFaDoJX8
l2FiYuVPuOacX3A+/apRJE+cWSY1/BpusEw6G3lDeMx7+0TPClhPJfBPevCDGdO2
3Qy+CBIQk8z9cw9kVP5YEb3+9l2jPCl8uJ/4QMiadJLRRJ/xkM16aR7VfWt/hPD/
dT/HeEy6pqM=
=XlFe
-----END PGP SIGNATURE-----

More information about the Dev mailing list