[Openswan Users] unencrypted l2tp packets

Ben Willmore bwillmore at berkeley.edu
Sun Feb 19 13:30:25 CET 2006


Hi Jacco,

Jacco de Leeuw wrote:
>Ben Willmore wrote:

>> My guess is that the OpenSwan that comes with ubuntu5.04 (openswan
>> 2.3.0-2) is also fine with 10.4.4 -- it certainly seemed to accept the
>> headers without complaint. But the Mac seemed to be sending 'RFC 3947'
>> first -- perhaps Apple are finally conforming to the standard?
>
>Hey, this is good news. Could it be that they have switched to
>ipsec-tools? After all, the KAME project has stopped working
>on racoon. Is there a /usr/share/doc/ipsec-tools directory in
>Mac OS 10.4.4?

Nope.

>> Feb 11 22:01:42 lithium pluto[17099]: packet from xx.xx.xx.xx:500:
>> received Vendor ID payload [RFC 3947] method set to=109
>> Feb 11 22:01:42 lithium pluto[17099]: packet from xx.xx.xx.xx:500:
>> received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set
>> to=110
>> Feb 11 22:01:42 lithium pluto[17099]: packet from xx.xx.xx.xx:500:
>> received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107,
>> but already using method 110
>
>This is a bit odd. You would expect Openswan to prefer RFC 3947 over
>draft-ietf-ipsec-nat-t-ike...

Probably I'm misinterpreting the above log messages...

Ben


More information about the Users mailing list