[Openswan dev] more info on pfs failure previous message
Michael Richardson
mcr at xelerance.com
Fri Mar 10 19:43:30 CET 2006
> If I run tcpdump on the openswan box's own interface, I see some
> packets with {src 500, dst 4500} and others with {src 4500, dst
> 4500}. As far as I can tell, the 500/4500 ones are IKE, and 4500/4500
> are payload (i.e. test pings)
Yes, that's basically correct.
However, it is supposed to send 500/500 and 4500/4500.
Aggressive mode + NAT isn't well tested. That shouldn't matter re: the
pfkey issue, except that perhaps it confuses things.
- --
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [