[Openswan Users] openswan 2.1.0rc1 and crls
Michael Richardson
mcr at sandelman.ottawa.on.ca
Tue Mar 9 19:20:32 CET 2004
>>>>> "Paul" == Paul Wouters <paul at xelerance.com> writes:
>> Mar 9 13:40:33 ppcsec pluto[20471]: packet from 67.20.62.114:500:
>> ignoring Vendor ID payload [FRAGMENTATION]
Paul> This isn't too good. There are known problems with
Paul> certificates and fragmentation.
>> Mar 9 13:40:33 ppcsec pluto[20471]: packet from 67.20.62.114:500:
>> received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Paul> nat traversal detected.
>> #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03:
>> peer is NATed
Paul> and used.
>> Mar 9 13:40:33 ppcsec kernel: udp_encap_rcv(): Unhandled UDP encap type: 1
>> Mar 9 13:40:34 ppcsec kernel: udp_encap_rcv(): Unhandled UDP encap type: 1
Paul> It seems there is a conflict in nat-traversal. The kernel
Paul> detected a type of udp encapsulation it doesn't know. In your
Paul> case this is the encapsulation of Windows' IPsec stack.
That's weird.
02/03 is the newer type of encap which many Windows stacks do not yet
support.
00/01 would be type 1 ("NON_IKE"), while 02/03 is type 2 ("NON_ESP").
--
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
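
The comparison made in the reply above, as an added example that is not part of the original message or of Openswan's code: it reads pluto and kernel log lines, maps the negotiated NAT-T draft to an encapsulation type using the numbering given in the message (00/01 is type 1, 02/03 is type 2), and flags kernel `udp_encap_rcv()` complaints about a different type. The log lines are constructed from the excerpts quoted in the thread, and the function and variable names are assumptions.

```python
import re

# Numbering as stated in the message: drafts 00/01 -> type 1 ("NON_IKE"),
# drafts 02/03 -> type 2 ("NON_ESP").
DRAFT_TO_ENCAP = {"00": 1, "01": 1, "02": 2, "03": 2}

NEGOTIATED = re.compile(
    r"NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-(\d\d)(?:/(\d\d))?:")
UNHANDLED = re.compile(r"udp_encap_rcv\(\): Unhandled UDP encap type: (\d+)")

# Sample log lines constructed from the excerpts quoted in the thread.
SAMPLE_LOG = """\
Mar 9 13:40:33 ppcsec pluto[20471]: packet from 67.20.62.114:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Mar 9 13:40:33 ppcsec pluto[20471]: #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
Mar 9 13:40:33 ppcsec kernel: udp_encap_rcv(): Unhandled UDP encap type: 1
Mar 9 13:40:34 ppcsec kernel: udp_encap_rcv(): Unhandled UDP encap type: 1
"""


def triage(log_text):
    """Return (expected_type, [(line_no, reported_type, verdict), ...])."""
    expected, findings = None, []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = NEGOTIATED.search(line)
        if m:
            # A result such as "02/03" names two drafts; both must map to one type.
            types = {DRAFT_TO_ENCAP.get(d) for d in m.groups() if d}
            expected = types.pop() if len(types) == 1 else None
            continue
        m = UNHANDLED.search(line)
        if not m:
            continue
        got = int(m.group(1))
        if expected is None:
            verdict = "no negotiation result seen before this line"
        elif got == expected:
            verdict = "kernel does not handle the negotiated type"
        else:
            verdict = "mismatch: negotiated type %d, kernel saw type %d" % (expected, got)
        findings.append((lineno, got, verdict))
    return expected, findings


if __name__ == "__main__":
    expected, findings = triage(SAMPLE_LOG)
    print("negotiated encap type:", expected)
    for lineno, got, verdict in findings:
        print("line %d: type %d: %s" % (lineno, got, verdict))
```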