[Openswan dev] Openswan-2.3.0dr3 to Checkpoint NG AI55 success
karl.vogel at telenet.be
Fri Nov 26 00:27:56 CET 2004
Since aggressive mode is now supported by openswan, I took
it for a spin and was able to connect to a Checkpoint NG
Application Intelligence V55 (Hot Fix 09) -- what a name! --
with a preshared secret.
However Checkpoint still violates the DOI 184.108.40.206 rule and
expects a USER_FQDN without an '@' sign. After patching
programs/pluto/id.c, I got it to work.
Afterwards I googled for DOI 220.127.116.11 and found an old
aggressive mode patch for freeswan which had a checkpoint 4.1
interop define which did the same...
The quick 'n dirty patch I did to my openswan was:
--- programs/pluto/id.c.orig 2004-11-25 23:36:00.129421832 +0100
+++ programs/pluto/id.c 2004-11-25 23:15:57.527245152 +0100
@@ -270,7 +270,7 @@ atoid(char *src, struct id *id, bool myi
id->kind = ID_USER_FQDN;
id->name.ptr = src;
- id->name.len = strlen(src);
+ id->name.len = strlen(src)-1;
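Review bot: the `strlen(src)-1` on the added line drops the last byte of every ID_USER_FQDN unconditionally, with no check that src is non-empty or that the byte being dropped is the '@' the message talks about. An empty src takes the length below zero, and an ID that does not end in '@' silently loses a real character, so the change affects every connection that uses this ID kind rather than only the Checkpoint peer. Suggest trimming only when strlen(src) > 0 and the last character is '@', and gating it behind an explicit per-connection interop option with a logged warning, as the message itself proposes.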
Maybe a proper solution would be to accept '@' as last character,
but emit a big fat warning about a broken implementation?!
Or would an extra ipsec.conf connection option to allow this
brokenness be better?
Or won't any of these interop patches be accepted?