[Openswan dev] MODECFG/IKECFG/MODE CONFIG openswan server and third party clients
mcr at sandelman.ottawa.on.ca
Tue Dec 5 19:59:06 EST 2006
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Anna" == Anna Wiejak <anias at popoludnica.pl> writes:
Anna> Recently I was working on the problem of modeconfig
Anna> compatibility between openswan server and softremote
Anna> third-party client. I found the reason why this doesn't work
Anna> properly and implemented a workaround on openswan server. The
Anna> problem and solution is explained in detail here:
Please don't make me fish on your blog for the explanation.
Post it here as text.
Anna> Openswan implements the modeconfig in a different way then all
Anna> other solutions I've seen. I can't find out which behaviour is
Anna> correct - it looks like the details of deriving initialization
Well, openswan interoperates with multiple cisco implementations that
were done by the authors of the ikecfg draft.
There is only one way to calculate the initial IV.
] Bear: "Me, I'm just the shape of a bear." | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Finger me for keys
-----END PGP SIGNATURE-----
More information about the Dev