[Openswan dev] re: Windows Rekeying with NAT-T

Norman Rasmussen norman at rasmussen.org
Tue May 10 20:16:27 CEST 2005


re: http://bugs.xelerance.com/view.php?id=271

Is this fixed in 2.3.1 or CVS?  I'm currently testing with Debian's
2.3.0-2 with Bernd's patch from the 24th of Feb 2005 users mailing
list email.  (It seems that the bottom half of his patch got applied to
2.3.1.)

I've tried the natt patch supplied with this bug and it seems to make
very little difference.  (see
http://www.darkskies.za.net/~norman/ipsec/ and
http://norman.rasmussen.org/79/ipsuccess-for-a-short-while/)

Having a look at my logs, it seems that 1) Quick Mode fails, and then
2) after Main Mode succeeds, it quite happily deletes the new and old
SAs instead of just the old SA.

The bug report is guessing that pluto needs to be changed so that, instead
of sending the IP address, it sends the FQDN with the peer name?

I'd really need to do a more in-depth packet trace on both sides to
figure out which function to update, and with what values.  Is there
anybody that can provide a quick tip - or patch :-) - on where I can
start digging around?

-- 
- Norman Rasmussen
 - Email: norman at rasmussen.org
 - Home page: http://norman.rasmussen.org/

