[Openswan dev] Openswan and Racoon interop issue in transport mode
david_mccullough at mcafee.com
Wed Nov 17 18:10:53 EST 2010
Jivin Paul Wouters lays it down ...
> On Mon, 8 Nov 2010, Avesh Agarwal wrote:
> > This is related to redhat bz 646718, which is related to interop issue
> > between Openswan and Racoon2 in transport mode. I have prepared a patch
> > (attached) to address this issue. The patch has been tested by redhat QE. The
> > patch specifically checks all received notifications to determine the
> > presence of USE_TRANSPORT_MODE as there may be multiple notifications, and
> > USE_TRANSPORT_MODE may be or may not be the first one. I would appreciate
> > your review/feedback, and can rework the patch accordingly.
> Thanks Avesh. I merged it in.
> I looked at the IKEv2 RFC, and if we follow it properly, and take into account
> our setting of type= then I guess we should really deny transport mode when we
> receive USE_TRANSPORT_MODE but we have type=tunnel (the default). Currently, we
> seem to always switch to what the initiator wanted. Do you see a problem with
> me changing that?
Is there any chance this affects L2TP setups ? Not that I have played with
IKEv2/L2TP, but I thought, and I may be wrong, we relied on the
tunnel/transport auto swapping to handle windows L2TP clients nicely.
David McCullough, david_mccullough at mcafee.com, Ph:+61 734352815
McAfee - SnapGear http://www.mcafee.com http://www.uCdot.org
More information about the Dev