[Openswan Users] klips openswan2.4.0 +kernel 2.6.13.2 nat-t failed
mcr
mcr at sandelman.ottawa.on.ca
Thu Oct 27 02:31:45 CEST 2005
>>>>> "Delta" == Delta Yeh <delta.yeh at gmail.com> writes:
Delta> seg of auto.log
Delta> 26 11:03:05 firewall pluto[21786]: "sh_bj" #1: initiating Aggressive Mode #1, connection "sh_bj"
Delta> Oct 26 11:03:05 firewall pluto[21786]: "sh_bj" #1: message ignored because it contains an unknown or unexpected payload type (ISAKMP_NEXT_NAT-D)
Why use inferior aggressive mode with PSK for openswan<->openswan?
It's less secure and harder than raw rsa keys.
You can try this and let us know:
Index: demux.c
===================================================================
RCS file: /xelerance/master/openswan-2/programs/pluto/demux.c,v
retrieving revision 1.241
diff -u -r1.241 demux.c
--- demux.c 9 Oct 2005 20:30:12 -0000 1.241
+++ demux.c 27 Oct 2005 05:28:26 -0000
@@ -415,12 +415,12 @@
*/
{ STATE_AGGR_R0, STATE_AGGR_R1,
SMF_PSK_AUTH| SMF_REPLY,
- P(SA) | P(KE) | P(NONCE) | P(ID), P(VID), PT(NONE),
+ P(SA) | P(KE) | P(NONCE) | P(ID), P(VID) | P(NATD_RFC), PT(NONE),
EVENT_RETRANSMIT, aggr_inI1_outR1_psk },
{ STATE_AGGR_R0, STATE_AGGR_R1,
SMF_DS_AUTH | SMF_REPLY,
- P(SA) | P(KE) | P(NONCE) | P(ID), P(VID), PT(NONE),
+ P(SA) | P(KE) | P(NONCE) | P(ID), P(VID) | P(NATD_RFC), PT(NONE),
EVENT_RETRANSMIT, aggr_inI1_outR1_rsasig },
/* STATE_AGGR_I1:
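Review bot: Both changed entries are STATE_AGGR_R0 transitions (aggr_inI1_outR1_psk and aggr_inI1_outR1_rsasig), but the quoted log shows the "unknown or unexpected payload type (ISAKMP_NEXT_NAT-D)" rejection on state #1 right after "initiating Aggressive Mode", which is the initiating side of the exchange rather than the side handling the first incoming message. The STATE_AGGR_I1 entries that begin at the end of this context are not changed in the lines shown, so please check whether their optional-payload column also needs `P(VID) | P(NATD_RFC)`; otherwise the reply may still be dropped. The comment that closes just above these entries would also benefit from stating that NAT-D is now accepted as an optional payload here.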
--
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [