[Openswan dev] standalone pluto + VPN client Aggressive mode +
PSK + XAUTH
mcr at sandelman.ottawa.on.ca
Fri Jul 9 13:01:12 CEST 2004
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Philippe" == Philippe Sultan <philippe.sultan at inria.fr> writes:
Philippe> I have compiled pluto (openswan v1.0.6) without klips in
Philippe> order to get a standalone ISAKMP stack and make it work
Philippe> with a Cisco VPN client.
Cisco VPN client? as in windows?
they are locked to work with only Cisco equipment.
Philippe> The first message from the client is processed through the
Philippe> 'aggr_inI1_outR1()' function (Cisco client specifies a
Philippe> wrong value for the packet size in the ISAKMP HDR, but I
Philippe> think pluto should ignore this in my case), and after that
Philippe> by find_host_connections() -> find_host_pair_connections()
Philippe> -> find_host_pair().
Philippe> These functions (found in connections.c) always returns
Philippe> NULL which makes pluto discard the ISAKMP message.
Philippe> In fact, the 'for' loop in the find_host_pair() is never
Philippe> entered, because the static struct 'host_pairs' is set to
Philippe> NULL (and p = host_pairs at loop initialization).
Philippe> I would like to know when and how the host_pairs struct if
Philippe> filled. Shouldn't it be initialized before we enter
Have you actually sat down and configured an openswan<->openswan
connection first? I.e. have you actually configured the openswan end
] "Elmo went to the wrong fundraiser" - The Simpson | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys
-----END PGP SIGNATURE-----
More information about the Dev