[Openswan dev] MODECFG/IKECFG/MODE CONFIG openswan server and third party clients

Anna Wiejak anna.wiejak at gmail.com
Wed Dec 6 04:40:29 EST 2006


Thanks for attention.
The reason I put the patch on dev mailing list, was to provide a way I
managed to do it, to anyone who may be struggling with the same

I do know that the patch breaks few things (openswan _client_
compatibility, also discarding QUICK MODE packets till the mode config
is done is not the best idea - but was the only quick fix for
softremote I could figure out).
I also hope someone more more familiar with openswan code would find a
better way of doing things.

>   Well, openswan interoperates with multiple cisco implementations that
> were done by the authors of the ikecfg draft.
Is there anyone who has seen modeconfig in operation on cisco?
I am curious to know if modeconfig payload is sent encrypted there
(which seems to be the only reasonable way) or not (which is also
supported according to the draft).

>   Please don't make me fish on your blog for the explanation.
>   Post it here as text.
Will remember next time -
* I thought the text + patch may be too long, thus unreadable to put in an email
* wasn't sure if this would get any attention, so I just put a short
story on dev mailing list with a reference.
Thanks for Paul comments too - now I understand it was unreadable the
way I provided it :)



More information about the Dev mailing list