[Openswan dev] CheckPoint secureclient patch updated to -2.4.9

Andrew Gaylard ag at computer.org
Wed Sep 5 08:42:47 EDT 2007

I've recently needed to get connectivity set up to a Checkpoint FW1
system, and managed to get the patch for -2.4.0 by Chris Poon to
work with -2.4.9 (new patch attached).

The only wrinkles I encountered were:

openswan would dump core for some of the packets sent to it
  from FW1.  I simply changed the way xauth.c would log them:

@@ -2232,8 +2236,8 @@

-                   openswan_log("while waiting for XAUTH_STATUS, got %s
-                        , enum_show(&modecfg_attr_names, (
attr.isaat_af_type & ISAKMP_ATTR_RTYPE_MASK)));
+                   openswan_log("while waiting for XAUTH_STATUS, got %d
+                        , attr.isaat_af_type & ISAKMP_ATTR_RTYPE_MASK);
  I now get log messages of the form:
  #1: XAUTH: Unsupported attribute: 18

  Is this of concern for vanilla openswan? (i.e. could bad packets from
  the peer crash an unpatched pluto?)

Office mode isn't supported.  Does anyone know where the details
of CheckPoint's office mode are documented? (I don't want to have
openswan implement it, I'm just curious about what the VPN peer is
sending to me).

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/dev/attachments/20070905/a06f6803/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openswan-2.4.9-SecureClient.diff
Type: application/octet-stream
Size: 19473 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/dev/attachments/20070905/a06f6803/attachment-0001.obj 

More information about the Dev mailing list