[Openswan dev] Openswan and Racoon interop issue in transport mode

David McCullough david_mccullough at mcafee.com
Wed Nov 17 18:10:53 EST 2010

Jivin Paul Wouters lays it down ...
> On Mon, 8 Nov 2010, Avesh Agarwal wrote:
> > This is related to redhat bz 646718, which is related to interop issue 
> > between Openswan and Racoon2 in transport mode. I have prepared a patch 
> > (attached) to address this issue. The patch has been tested by redhat QE. The 
> > patch specifically checks all received notifications to determine the 
> > presence of USE_TRANSPORT_MODE as there may be multiple notifications, and 
> > USE_TRANSPORT_MODE may be or may not be the first one. I would appreciate 
> > your review/feedback, and can rework the patch accordingly.
> Thanks Avesh. I merged it in.
> I looked at the IKEv2 RFC, and if we follow it properly, and take into account
> our setting of type= then I guess we should really deny transport mode when we
> receive USE_TRANSPORT_MODE but we have type=tunnel (the default). Currently, we
> seem to always switch to what the initiator wanted. Do you see a problem with
> me changing that?

Is there any chance this affects L2TP setups ?  Not that I have played with
IKEv2/L2TP,  but I thought,  and I may be wrong,  we relied on the
tunnel/transport auto swapping to handle windows L2TP clients nicely.


David McCullough,      david_mccullough at mcafee.com,  Ph:+61 734352815
McAfee - SnapGear      http://www.mcafee.com         http://www.uCdot.org

More information about the Dev mailing list