[Openswan dev] Re: [PATCH] Openswan and OS X with NAT-T

Michael Richardson mcr at xelerance.com
Tue Sep 27 12:17:11 CEST 2005




>>>>> "Paul" == Paul Wouters <paul at xelerance.com> writes:
    >> No, that's not the case at all.  That's what vendor IDs are for
    >> --- to work around bugs in your old code.

    Paul> Peter's patch was backported to v2_4_X and I managed to
    Paul> successfully set up an L2TP connection on MacOSX Tiger from
    Paul> behind NAT. It showed:

    Paul> The strange thing is the line that says:

    Paul>   	NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
    Paul> both are NATed

  It means that the hash on the server side ports/data is wrong.
  Apple probably screwed that up too.  I'm disinclined to ship the patch
based upon that knowledge.

    Paul> First, we are not really using RFC 3947 but the "apple bug"
    Paul> version of it.  And second, both ends are not NAT'ed, only my

  The patch doesn't make a distinction.

  I want to hear from Apple.

-- 
]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr at xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
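Added illustration, not part of the message above and not Openswan code: the RFC 3947 NAT-D comparison a responder performs, showing how a wrong destination hash from the client alone produces a "both are NATed" result. The addresses, cookies and the specific client error (a wrong port in the hashed data) are constructed assumptions; the post does not say what the actual defect is.

```python
import hashlib
import ipaddress
import struct

def natd_hash(cky_i, cky_r, ip, port, hash_name="sha1"):
    """RFC 3947 section 3.2: HASH(CKY-I | CKY-R | IP | Port)."""
    addr = ipaddress.ip_address(ip).packed  # 4 bytes for IPv4, 16 for IPv6
    data = cky_i + cky_r + addr + struct.pack("!H", port)
    return hashlib.new(hash_name, data).digest()

def detect_nat(cky_i, cky_r, natd_payloads, pkt_src, pkt_dst):
    """Receiver-side NAT-D check; returns (i_am_natted, peer_is_natted).

    natd_payloads[0] is the sender's hash of the destination (our) address,
    the rest are hashes of the sender's own address(es). pkt_src and pkt_dst
    are the (ip, port) pairs actually seen on the received packet.
    """
    i_am_natted = natd_payloads[0] != natd_hash(cky_i, cky_r, *pkt_dst)
    peer_is_natted = natd_hash(cky_i, cky_r, *pkt_src) not in natd_payloads[1:]
    return i_am_natted, peer_is_natted

# Constructed sample values (documentation address ranges, made-up cookies).
CKY_I = bytes.fromhex("1122334455667788")
CKY_R = bytes.fromhex("99aabbccddeeff00")
CLIENT_PRIVATE = ("192.168.1.10", 500)   # client's own view, behind NAT
CLIENT_PUBLIC = ("203.0.113.7", 1024)    # what the server sees after NAT
SERVER = ("198.51.100.1", 500)           # server has a public address

def server_verdict(dest_hash_input):
    """Server's verdict when the client hashed dest_hash_input as destination."""
    payloads = [natd_hash(CKY_I, CKY_R, *dest_hash_input),
                natd_hash(CKY_I, CKY_R, *CLIENT_PRIVATE)]
    return detect_nat(CKY_I, CKY_R, payloads, CLIENT_PUBLIC, SERVER)

if __name__ == "__main__":
    # Correct client: only the peer (the client) is seen as NATed.
    print(server_verdict(SERVER))
    # Hypothetical client error (wrong port in the destination hash; the
    # real defect is not stated in the post): both ends look NATed.
    print(server_verdict(("198.51.100.1", 0)))
```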

