[Openswan Users] unencrypted l2tp packets
Jacco de Leeuw
jacco2 at dds.nl
Sun Feb 12 17:47:21 CET 2006
Ben Willmore wrote:
> My guess is that the OpenSwan that comes with ubuntu5.04 (openswan
> 2.3.0-2) is also fine with 10.4.4 -- it certainly seemed to accept the
> headers without complaint. But the Mac seemed to be sending 'RFC 3947'
> first -- perhaps Apple are finally conforming to the standard?
Hey, this is good news. Could it be that they have switched to
ipsec-tools? After all, the KAME project has stopped working
on racoon. Is there a /usr/share/doc/ipsec-tools directory in
Mac OS 10.4.4?
> Feb 11 22:01:42 lithium pluto[17099]: packet from xx.xx.xx.xx:500:
> received Vendor ID payload [RFC 3947] method set to=109
> Feb 11 22:01:42 lithium pluto[17099]: packet from xx.xx.xx.xx:500:
> received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set
> to=110
> Feb 11 22:01:42 lithium pluto[17099]: packet from xx.xx.xx.xx:500:
> received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107,
> but already using method 110
This is a bit odd. You would expect Openswan to prefer RFC 3947 over
draft-ietf-ipsec-nat-t-ike...
Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
More information about the Users
mailing list