[Openswan Users] vista AuthIP
Jacco de Leeuw
jacco2 at dds.nl
Mon Nov 12 12:07:48 EST 2007
Paul Wouters wrote:
> On Wed, 5 Sep 2007, Marco Berizzi wrote:
>
> Show us the logs on the openswan end. And preferable the OAKLEY.LOG on
> the windows end.
>
> Openswan just ignores unknown vendorid's, so the microsoft devel team
> seems to be wrong here. There is another reason for the failure.
>
>> Date: Wed, 5 Sep 2007 14:40:18 +0200
>> From: Marco Berizzi <pupilla at hotmail.com>
>>
>> I have an interoperability problem with
>> vista.
>> [...]
>> Basically what they [M$ development team] confirm is
>> The 133 payload is an AuthIP payload, an IKE extension that we have
>> introduced in Vista.
>>
>> The 133 payload is sent under exchange type 243. Looks like what is
>> happening is that the linux implementation is accepting the exchange
>> type 243 packet (it should drop it) and failing the negotiation when it
>> finds a 133 payload in the packet.
I have been informed (not by Microsoft) that this is a bug in Vista and that
it has been fixed starting from Windows Vista Service Pack 1 Beta 6001.17036
v.652.
For more details see:
http://www.jacco2.dds.nl/networking/vista-openswan.html#pure_IPsec
Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
More information about the Users
mailing list