[Openswan Users] unencrypted l2tp packets

Ben Willmore bwillmore at berkeley.edu
Mon Feb 20 03:30:19 CET 2006


On 2/19/06, Ben Willmore <bwillmore at berkeley.edu> wrote:
> Jacco de Leeuw wrote:
> >Ben Willmore wrote:
> >> Feb 11 22:01:42 lithium pluto[17099]: packet from xx.xx.xx.xx:500:
> >> received Vendor ID payload [RFC 3947] method set to=109
> >> Feb 11 22:01:42 lithium pluto[17099]: packet from xx.xx.xx.xx:500:
> >> received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set
> >> to=110
> >> Feb 11 22:01:42 lithium pluto[17099]: packet from xx.xx.xx.xx:500:
> >> received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107,
> >> but already using method 110
> >
> >This is a bit odd. You would expect Openswan to prefer RFC 3947 over
> >draft-ietf-ipsec-nat-t-ike...

From vendor.c:
#ifdef NAT_TRAVERSAL
            /**
             * Use most recent supported NAT-Traversal method and ignore
             * the other ones (implementations will send all supported
             * methods but only one will be used)
             *
             * Note: most recent == higher id in vendor.h
             */

From vendor.h:
  VID_NATT_RFC                          =109,
  VID_NATT_DRAFT_IETF_IPSEC_NAT_T_IKE   =110,

It looks as though these should be swapped, but perhaps this is
intentional because OSX claims to speak RFC 3947 but actually fails to
do so.

Ben
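
An added illustration, not part of the original message and not Openswan's code: a simplified C model of the "higher id wins" rule from the vendor.c comment, run over the three Vendor IDs in the quoted log. The ids 109, 110 and 107 come from the message; the struct, function and array names are hypothetical, and the second array swaps 109 and 110 as the message suggests.

```c
#include <stdio.h>
#include <stddef.h>

/* One received NAT-T Vendor ID (hypothetical type, for illustration). */
struct natt_vid { int id; const char *descr; };

/* Arrival order and ids as in the quoted pluto log (109/110 per vendor.h). */
static const struct natt_vid as_logged[] = {
    {109, "RFC 3947"},
    {110, "draft-ietf-ipsec-nat-t-ike"},
    {107, "draft-ietf-ipsec-nat-t-ike-02"},
};

/* Same peer, with 109 and 110 swapped (constructed variant). */
static const struct natt_vid swapped[] = {
    {110, "RFC 3947"},
    {109, "draft-ietf-ipsec-nat-t-ike"},
    {107, "draft-ietf-ipsec-nat-t-ike-02"},
};

/* Keep the highest id seen so far and ignore lower ones. Returns the
 * selected entry, or NULL if no NAT-T Vendor ID was received. When
 * trace is non-NULL, writes lines shaped like the ones in the log. */
static const struct natt_vid *pick_natt(const struct natt_vid *v, size_t n,
                                        FILE *trace)
{
    const struct natt_vid *cur = NULL;
    for (size_t i = 0; i < n; i++) {
        if (cur == NULL || v[i].id > cur->id) {
            cur = &v[i];
            if (trace)
                fprintf(trace, "[%s] method set to=%d\n", v[i].descr, v[i].id);
        } else if (trace) {
            fprintf(trace, "[%s] meth=%d, but already using method %d\n",
                    v[i].descr, v[i].id, cur->id);
        }
    }
    return cur;
}

int main(void)
{
    puts("ids as in vendor.h:");
    printf("  -> %s\n", pick_natt(as_logged, 3, stdout)->descr);
    puts("ids swapped:");
    printf("  -> %s\n", pick_natt(swapped, 3, stdout)->descr);
    return 0;
}
```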

