[Openswan dev] MODECFG/IKECFG/MODE CONFIG openswan server and third party clients
Anna Wiejak
anias at popoludnica.pl
Thu Dec 7 09:58:42 EST 2006
Hi,
> You can't use the phase 2 IV because there is no phase 2 yet.
AND
> SoftRemote has clearly confused themselves, because they have decided to
> start the phase 2 negotiation even though the phase 1.5 (the modecfg)
> is not yet finished. This is clear from your next part:
That is what it does! Softremote starts the Phase2, but then it
receives the modeconfig SET packet from Openswan. It doesn't expect it
to come, but:
* modeconfig conversation is accepted,
* existing Phase2 is abandoned silently,
* virtual adaptor is created
* new Phase2 is started.
So - you're right it is Softremote error - Softremote is using IV of
just started Phase2 and this is simply wrong at the stage when Phase2
is initiated too early (before mode config).
Till (if) Softremote fixes their problem (I will point them at the
conversation) I will use my workaround anyway, but now things are at
least clear :)
Thanks again,
--
A. Wiejak
More information about the Dev
mailing list