[Openswan dev] MODECFG/IKECFG/MODE CONFIG openswan server and third party clients

[Michael Richardson]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


>>>>> "Paul" == Paul Wouters <paul at xelerance.com> writes:
    >> > http://popoludnica.pl/?id=10100110

    >> > Can anyone elaborate on this please?

    Paul> Hi Anna,

    Paul> I read the page and your descriptions, and created:

    Paul> http://bugs.xelerance.com/view.php?id=709

  Please post the description.

    Paul> Though the patch seems small, it does change modeconfig quite
    Paul> a bit. So I am tempted to not apply this to 2.4.x, but use the
    Paul> newer 2.5.x branch. I will let Michael decide.

    Paul> I think we should perhaps add an option to choose between
    Paul> using the IV from phase1 or phase2, so we can support both on
    Paul> a per-conn basis.

  No. Softremote is WRONG if it derives any IV from anything other than
the last-IV of the phase1.

- -- 
]            Bear: "Me, I'm just the shape of a bear."          |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr at xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Finger me for keys

iQEVAwUBRXYZI4CLcPvd0N1lAQKCjgf/e/C6yqs8dns6fhBrdWwrMVWvpbRrvlOg
fNTYHXxmzGwgXyS54WeEa5dbZxbWORmyjElm7yezA7TN81AByqZCAFx6QhHAZepN
jUfPMvGiPDoDqNuSxJYYWuK0+Zz3RcQU+anrETght+HX54/6TXlAek6BpGmKAHLt
7V4J3ou09Yxdf8TvkFPKnMRoZZWSkK5ygCKLMY4WTHoCaxuwnuZsFuqhC+CzLXfq
5xIlD0S135KHM3getpKr97uz4rddJzFT2UG0MeBHCS2uqrxiremRBTGKpkjoctTe
2GK6Gg2AJz3TbetISVv6czMRXWr9WTn//YxNezF8qOiB0uqbUn9EWA==
=gmUO
-----END PGP SIGNATURE-----