[Openswan dev] Re: [PATCH] Openswan and OS X with NAT-T
mcr at xelerance.com
Tue Sep 27 12:17:11 CEST 2005
>>>>> "Paul" == Paul Wouters <paul at xelerance.com> writes:

>> No, that's not the case at all. That's what vendor IDs are for
>> --- to work around bugs in your old code.

Paul> Peter's patch was backported to v2_4_X and I managed to
Paul> successfully set up an L2TP connection on MacOSX Tiger from
Paul> behind NAT. It showed:

Paul> The strange thing is the line that says:

Paul> NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
Paul> both are NATed

It means that the hash on the server side ports/data is wrong.
Apple probably screwed that up too. I'm disinclined to ship the patch
based upon that knowledge.

Paul> First, we are not really using RFC 3947 but the "apple bug"
Paul> version of it. And second, both ends are not NAT'ed, only my

The patch doesn't make a distinction.

I want to hear from Apple.
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
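
Added example, not part of the original message and not Openswan code: a minimal model of the RFC 3947 NAT-D check, showing how a peer that sends a wrong hash for the server's address/port makes the server report "both are NATed" even though only the client is behind NAT. The cookies, addresses, function names, the result strings other than "both are NATed", and the port-4500 fault are all constructed for illustration; the fault is not a statement of what Apple's implementation does.

```python
import hashlib
import socket
import struct

def natd_hash(cky_i, cky_r, ip, port, algo="sha1"):
    """RFC 3947 NAT-D value: HASH(CKY-I | CKY-R | IP | Port), port in network order."""
    data = cky_i + cky_r + socket.inet_aton(ip) + struct.pack("!H", port)
    return hashlib.new(algo, data).digest()

def natd_payloads(cky_i, cky_r, src, dst):
    """Payloads a peer sends: first the hash of the remote end, then of its own end."""
    return [natd_hash(cky_i, cky_r, *dst), natd_hash(cky_i, cky_r, *src)]

def nat_lookup(cky_i, cky_r, payloads, my_addr, peer_seen):
    """Receiver side. my_addr is the local socket address; peer_seen is the
    source address/port of the packet as it actually arrived."""
    # First payload is the sender's view of *my* address: a mismatch means
    # something between us rewrote it (or the sender hashed the wrong data).
    i_am_nated = payloads[0] != natd_hash(cky_i, cky_r, *my_addr)
    # Remaining payloads are the sender's own addresses: no match means the
    # sender's packets were rewritten on the way here.
    peer_hash = natd_hash(cky_i, cky_r, *peer_seen)
    peer_nated = all(p != peer_hash for p in payloads[1:])
    if i_am_nated and peer_nated:
        return "both are NATed"
    if peer_nated:
        return "peer is NATed"
    if i_am_nated:
        return "i am NATed"
    return "no NAT detected"

# Constructed sample values (documentation address ranges).
CKY_I = bytes.fromhex("0102030405060708")
CKY_R = bytes.fromhex("1112131415161718")
CLIENT_PRIVATE = ("192.168.1.10", 500)   # what the client believes its address is
CLIENT_PUBLIC = ("198.51.100.7", 1024)   # what the server sees after the NAT
SERVER = ("203.0.113.5", 500)            # server has a public address, no NAT

def server_verdict(dst_hashed_by_client):
    """Server's conclusion, given which destination the client put in its hash."""
    payloads = natd_payloads(CKY_I, CKY_R, CLIENT_PRIVATE, dst_hashed_by_client)
    return nat_lookup(CKY_I, CKY_R, payloads, SERVER, CLIENT_PUBLIC)

if __name__ == "__main__":
    print(server_verdict(SERVER))                   # correct destination hash
    print(server_verdict(("203.0.113.5", 4500)))    # constructed faulty hash
```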