[Openswan dev] Re: [PATCH] Openswan and OS X with NAT-T
Peter Van der Beken
peterv at propagandism.org
Fri Feb 17 08:20:09 CET 2006
Michael Richardson wrote:
> so, we put code in such that it didn't matter the order of the hashes.
> Given that, 10.4.4 should have worked.
> If OSX 10.4.5 supports RFC3947 out of the box, how come we need a
> patch?
Note that my patch is against Openswan 2.4.4, which doesn't have the
code to ignore the order of the hashes.
> I'm really confused here.
> It seems that 10.4.5 is broken, if we need to patch to work with it.
> Or, are you claiming openswan 2.4.5 has a bug still?
No, I'm claiming Openswan 2.4.4 does, Openswan 2.4.5 will probably work
out of the box with 10.4.5.
I think you'll still want to take the constants.c patch, so that logging
makes some sense.
The vendor.h one probably isn't necessary in 2.4.5 to be interoperable
with 10.4.5, but IMHO it's nicer to use the RFC-based NAT-T and not the
draft ones. But that's up for you guys to decide.
Thanks,
Peter
More information about the Dev
mailing list