[Openswan Users] unencrypted l2tp packets

Jacco de Leeuw jacco2 at dds.nl
Sun Feb 12 17:47:21 CET 2006


Ben Willmore wrote:

> My guess is that the OpenSwan that comes with ubuntu5.04 (openswan
> 2.3.0-2) is also fine with 10.4.4 -- it certainly seemed to accept the
> headers without complaint. But the Mac seemed to be sending 'RFC 3947'
> first -- perhaps Apple are finally conforming to the standard?

Hey, this is good news. Could it be that they have switched to
ipsec-tools? After all, the KAME project has stopped working
on racoon. Is there a /usr/share/doc/ipsec-tools directory in
Mac OS 10.4.4?

> Feb 11 22:01:42 lithium pluto[17099]: packet from xx.xx.xx.xx:500:
> received Vendor ID payload [RFC 3947] method set to=109
> Feb 11 22:01:42 lithium pluto[17099]: packet from xx.xx.xx.xx:500:
> received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set
> to=110
> Feb 11 22:01:42 lithium pluto[17099]: packet from xx.xx.xx.xx:500:
> received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107,
> but already using method 110

This is a bit odd. You would expect Openswan to prefer RFC 3947 over
draft-ietf-ipsec-nat-t-ike...

Jacco
-- 
Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl


More information about the Users mailing list