[Openswan dev] nat-t openswan interop problem Win2003

Michael Richardson mcr at sandelman.ottawa.on.ca
Tue Jan 3 11:24:31 CET 2006


>>>>> "Jacco" == Jacco de Leeuw <jacco2 at dds.nl> writes:
    Jacco> Windows Server 2003 does not support the draft-02 vendorid without
    Jacco> the extra newline character. If you modify Openswan to send both
    Jacco> vendorids (the ones with and without the newline) then the NAT-T
    Jacco> negotiation will continue.

  Sigh. Stupid MS.
  Can't they issue a patch faster than that? draft-02 is probably close to
three years old!

    Jacco> Ignoring the Commit flag, ISAKMP_NEXT_HASH and
    Jacco> INVALID_PAYLOAD_TYPE errors for the moment, could it be a bug in
    Jacco> Win2003 where it always uses a client ID consisting of the
    Jacco> external IP address of the NAT router?

  Well, if you think about it, the client *CAN'T* know the external IP.
It's a bug in Openswan. We have preliminary patches, but they won't be
released yet.

-- 
]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr at xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
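
The vendor-ID mismatch discussed in this thread can be checked from a capture of the first IKE message. The following is an added example, not code from Openswan or from either poster: it walks the payload chain of an unencrypted ISAKMP message and reports which draft-02 NAT-T vendor ID variants (with and without the trailing newline) the sender advertises. The function names and the sample message are constructed for illustration.

```python
import hashlib
import struct

VID_PAYLOAD = 13  # ISAKMP Vendor ID payload type (RFC 2408)
DRAFT02 = b"draft-ietf-ipsec-nat-t-ike-02"
# NAT-T vendor IDs are the MD5 hash of the draft name; the two draft-02
# variants discussed in the thread differ only by a trailing newline.
KNOWN_VIDS = {
    hashlib.md5(DRAFT02).digest(): "draft-02",
    hashlib.md5(DRAFT02 + b"\n").digest(): "draft-02 + newline",
}

def vendor_ids(msg):
    """Return the bodies of all Vendor ID payloads in an unencrypted ISAKMP message."""
    if len(msg) < 28:
        raise ValueError("shorter than an ISAKMP header")
    next_payload = msg[16]                        # first payload type
    total = struct.unpack_from("!I", msg, 24)[0]  # length field of the header
    if total > len(msg):
        raise ValueError("truncated message")
    offset, found = 28, []
    while next_payload != 0:
        if offset + 4 > total:
            raise ValueError("payload header runs past end of message")
        following, _reserved, length = struct.unpack_from("!BBH", msg, offset)
        if length < 4 or offset + length > total:
            raise ValueError("bad payload length")
        if next_payload == VID_PAYLOAD:
            found.append(msg[offset + 4:offset + length])
        next_payload, offset = following, offset + length
    return found

def natt_draft02_variants(msg):
    """Names of the draft-02 NAT-T vendor ID variants present in msg."""
    return {KNOWN_VIDS[v] for v in vendor_ids(msg) if v in KNOWN_VIDS}

def build_message(vids):
    """Constructed sample: an ISAKMP header followed only by Vendor ID payloads."""
    body = b""
    for i, vid in enumerate(vids):
        following = VID_PAYLOAD if i + 1 < len(vids) else 0
        body += struct.pack("!BBH", following, 0, 4 + len(vid)) + vid
    first = VID_PAYLOAD if vids else 0
    # initiator cookie, responder cookie, next payload, version 1.0,
    # exchange type 2 (main mode), flags, message ID, total length
    header = b"\x01" * 8 + bytes(8) + struct.pack(
        "!BBBBII", first, 0x10, 2, 0, 0, 28 + len(body))
    return header + body

if __name__ == "__main__":
    print(sorted(natt_draft02_variants(build_message(list(KNOWN_VIDS)))))
```

A peer that reports only one of the two variants is the case the thread describes, where the other side must recognise that exact hash for NAT-T negotiation to continue.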