[Openswan dev] MODECFG/IKECFG/MODE CONFIG openswan server and third party clients

[Michael Richardson]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


>>>>> "Anna" == Anna Wiejak <anias at popoludnica.pl> writes:
    Anna> Recently I was working on the problem of modeconfig
    Anna> compatibility between openswan server and softremote
    Anna> third-party client.  I found the reason why this doesn't work
    Anna> properly and implemented a workaround on openswan server. The
    Anna> problem and solution is explained in detail here:

  Please don't make me fish on your blog for the explanation.
  Post it here as text.

    Anna> Openswan implements the modeconfig in a different way then all
    Anna> other solutions I've seen. I can't find out which behaviour is
    Anna> correct - it looks like the details of deriving initialization

  Well, openswan interoperates with multiple cisco implementations that
were done by the authors of the ikecfg draft.

  There is only one way to calculate the initial IV. 

- -- 
]            Bear: "Me, I'm just the shape of a bear."          |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr at xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Finger me for keys

iQEVAwUBRXYV2YCLcPvd0N1lAQIW9gf/ftey9uK2SelAt8DfH6NKCKUxPVT43XKu
V5AR01jN3Ms0Pch8+bDsQNy4mKZxp2LATusjt0fOW8aRuyCRrVuIVr6BDgk3dxoH
769u1pwXA1WsQUdYiNU1PtV0fr822XfFyeNi8HAO2TWEJrQSJNA255+gGQ7u6c34
zJx/U5iypuugIvwYTz9HJ+CgdR+o8gZQgKhC606eorBaVGP7YLHyg6blumU6GVd9
pyEiBK1moYAzQa+/0sNsTnjPvfqIvluiP/DuXPhkVLssbxw5ZuTXQLH5R1Np0MeI
fwlqdN2XC5TZIr1X6iMKASZlSH9r5efmhPfKLhmVJdWrToVpj8AWLg==
=NpaO
-----END PGP SIGNATURE-----