[Openswan dev] nat-t openswan interop problem Win2003

Michael Richardson mcr at sandelman.ottawa.on.ca
Wed Jan 4 11:17:00 CET 2006




>>>>> "Jacco" == Jacco de Leeuw <jacco2 at dds.nl> writes:
    Jacco> Michael Richardson wrote:

    >> Sigh. Stupid MS.  Can't they issue a patch faster than that? 
    >> draft-02 is probably close to three years old!

    Jacco> Perhaps they fixed it in Windows 2003 R2 or Vista but I
    Jacco> haven't tried.  This is how Microsoft works, you pay for new
    Jacco> features...

  So, who pays us to add workarounds for features that you didn't pay
us?  It is a serious question.  Why should open source maintainers take
time away from adding new features to support interoperating with people
who were too cheap to pay their yearly tithe to Microsoft?


    Jacco> Can you add VID_NATT_IETF_02_N to the list of VIDs or does it
    Jacco> break things?  If it works it would add Netscreen NAT-T
    Jacco> interoperability as a bonus.

  I don't see why we can't add that. It's simple enough. It's just
frustrating to waste time like this.

    >> Well, if you think about it, the client *CAN'T* know the external
    >> IP.

    Jacco> How do the Windows clients know it then? Or do you think they
    Jacco> just ignore it?

  Openswan is actually copying the external IP over the phase 2 proposal
before interpreting it. It's a bug.

    >> It's a bug in Openswan. We have preliminary patches, but they
    >> won't be released yet.

    Jacco> I don't know if you have already tested those patches but you
    Jacco> can download a Windows 2003 trial copy from the Microsoft
    Jacco> website.

  See above, re: who pays for this.

-- 
]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr at xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [

