[Openswan dev] Freeswan-1.99 patch: SHA first, interop with interop note broken Checkpoint VPN-1

Paul Wouters paul at xelerance.com
Wed May 12 14:16:34 CEST 2004

On Tue, 11 May 2004 matt-openswan-dev at kindjal.net wrote:

> Sanitized log attached, made with plutodebug=all.

> The symptom you describe is exactly the one that I had.  The patch
> worked for me.

I double checked, and found that the patch didn't work for me because I
needed to manually load the other ipsec algo module. Once I did that,
your patch indeed worked.

Since my VPN server runs Openswan-1, I could just specify:


and your patch wasn't actually required. Support for this in Openswan-2
is being worked on. Current releases do not have it yet, but partially
merged code is in cvs HEAD.

Openswan-2 (HEAD) should also support autoloading the alg modules, so in
the near future, everyone connecting to Checkpoint with Openswan-2 should
just need to add the above line in their connection to interop with the
broken Checkpoint implementation.


More information about the Dev mailing list