[Openswan dev] Openswan and Racoon interop issue in transport mode

Paul Wouters paul at xelerance.com
Wed Nov 17 10:33:09 EST 2010


On Mon, 8 Nov 2010, Avesh Agarwal wrote:

> This is related to redhat bz 646718, which is related to interop issue 
> between Openswan and Racoon2 in transport mode. I have prepared a patch 
> (attached) to address this issue. The patch has been tested by redhat QE. The 
> patch specifically checks all received notifications to determine the 
> presence of USE_TRANSPORT_MODE as there may be multiple notifications, and 
> USE_TRANSPORT_MODE may be or may not be the first one. I would appreciate 
> your review/feedback, and can rework the patch accordingly.

Thanks Avesh. I merged it in.

I looked at the IKEv2 RFC, and if we follow it properly, and take into account
our setting of type= then I guess we should really deny transport mode when we
receive USE_TRANSPORT_MODE but we have type=tunnel (the default). Currently, we
seem to always switch to what the initiator wanted. Do you see a problem with
me changing that?

I will also have to take a closer look at the RFC to see what we should do with
NAT-T + transport mode in IKEv2. I think the best solution there might also be
to decline USE_TRANSPORT_MODE and remain in tunnel mode.

Paul
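An added illustration of the two points raised in this thread (this is example code, not Openswan's implementation and not the attached patch): walk every Notify payload in the IKEv2 payload chain instead of only the first one, then apply the local type= setting when deciding whether to accept transport mode. The payload layout and the constants come from the IKEv2 RFC (RFC 7296 numbering); the sample message bytes are constructed.

```python
import struct

# IKEv2 constants (RFC 7296); the mailing-list message itself gives no numbers.
PAYLOAD_NONE = 0          # Next Payload value meaning "no more payloads"
PAYLOAD_NOTIFY = 41       # Notify (N) payload type
INITIAL_CONTACT = 16384   # a status notify often sent before others
USE_TRANSPORT_MODE = 16391

def parse_notify_types(payloads: bytes, first_payload: int) -> list:
    """Walk a chain of IKEv2 payloads and return the Notify Message Type of
    every N payload, in order. Other payload kinds are skipped by length."""
    types = []
    next_payload, offset = first_payload, 0
    while next_payload != PAYLOAD_NONE:
        if offset + 4 > len(payloads):
            raise ValueError("truncated generic payload header")
        # Generic payload header: Next Payload, Critical/reserved, Payload Length
        np, _crit, length = struct.unpack("!BBH", payloads[offset:offset + 4])
        if length < 4 or offset + length > len(payloads):
            raise ValueError("bad payload length")
        if next_payload == PAYLOAD_NOTIFY:
            if length < 8:
                raise ValueError("truncated notify payload")
            # Notify body: Protocol ID, SPI Size, Notify Message Type, then SPI/data
            _proto, spi_size, ntype = struct.unpack(
                "!BBH", payloads[offset + 4:offset + 8])
            if 8 + spi_size > length:
                raise ValueError("notify SPI exceeds payload")
            types.append(ntype)
        offset += length
        next_payload = np
    return types

def choose_mode(configured_type: str, notify_types: list) -> str:
    """Pick the child SA mode. Transport is used only when the peer sent
    USE_TRANSPORT_MODE (anywhere in the chain) AND the local policy is
    type=transport; with type=tunnel (the default) the request is declined."""
    if configured_type == "transport" and USE_TRANSPORT_MODE in notify_types:
        return "transport"
    return "tunnel"

def build_notify(next_payload: int, ntype: int) -> bytes:
    """Constructed sample Notify payload: protocol ID 0, no SPI, no data."""
    return struct.pack("!BBHBBH", next_payload, 0, 8, 0, 0, ntype)

# Constructed sample: USE_TRANSPORT_MODE is the second notification, not the first.
SAMPLE = (build_notify(PAYLOAD_NOTIFY, INITIAL_CONTACT)
          + build_notify(PAYLOAD_NONE, USE_TRANSPORT_MODE))
```

Running `choose_mode("tunnel", parse_notify_types(SAMPLE, PAYLOAD_NOTIFY))` yields "tunnel", while the same chain with type=transport yields "transport".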

