[Openswan Users] Re: [Openswan dev] next payload type of ISAKMP Hash Payload has an unknown value XX error

Michael Richardson mcr at xelerance.com
Mon Oct 18 16:43:25 CEST 2004


-----BEGIN PGP SIGNED MESSAGE-----


Paul, what does the openswan end say?

In head are some fixes to better deal with notifies in a situation where
they are received when we have not yet gone encrypted. Clearly, you
can't complain that they aren't encrypted, if they couldn't have been.

Also, two openswan's could get into a notify battle, as each sent an
encrypted notify, saying that the payload was invalid, but since there
wasn't a valid key, each notify would be invalid...

As well, we will kill the SA attempt if the total number of notifies
sent and received is 10, as long as we sent as least 5.

- --
]     "Elmo went to the wrong fundraiser" - The Simpson         |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr at xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys

iQCVAwUBQXQc2IqHRg3pndX9AQEzCgQA14+aQkFXPCLPZdyK4YQxXVh6/DDMEUr+
WEtz70eYs59iD2htEebGt+Q09ZtAqrb0zGVa/HmQYPAC8FK+C3Hov6FAv6ALqiVc
msLRzHVq/op+TKin5XwdlxlMgHSvls7uUIN48dX8zXJqwO710I+JeoPet7x+mX6d
iWwayQF8v7U=
=gQt8
-----END PGP SIGNATURE-----


More information about the Users mailing list