[Openswan Users] vista AuthIP

Paul Wouters paul at xelerance.com
Wed Sep 5 15:18:36 EDT 2007


On Wed, 5 Sep 2007, Marco Berizzi wrote:

Show us the logs on the openswan end. And preferably the OAKLEY.LOG on
the windows end.

Openswan just ignores unknown vendor IDs, so the Microsoft devel team
seems to be wrong here. There is another reason for the failure.

Paul

> Date: Wed, 5 Sep 2007 14:40:18 +0200
> From: Marco Berizzi <pupilla at hotmail.com>
> Cc:  <users at lists.openswan.org>
> To: Jacco de Leeuw <jacco2 at dds.nl>
> Subject: Re: [Openswan Users] vista AuthIP
>
> Jacco de Leeuw wrote:
>
> > Marco Berizzi wrote:
> >
> > > I have an interoperability problem with
> > > vista.
> >
> > Can you post the details?
>
> Vista and openswan are able to establish the
> ipsec tunnel, but when I try to ping from
> vista to the net behind the ipsec gateway,
> vista and openswan restart a new IKE Handshaking
> which fails...
>
> > > The Microsoft support has asked me if it
> > > is possible to change openswan configuration
> > > so that it does not respond to AuthIP
> > > (protocol extension that is not supported
> > > anyway)?
> >
> > Exactly, it is a proprietary extension which is only supported by
> > Vista and the upcoming Windows Server 2008. Openswan ignores the
> > AuthIP vendor IDs, it does not respond to them. Does Microsoft Support
> > say otherwise?
>
> Yes. Here is their version:
>
> [...]
> Basically what they [M$ development team] confirm is
> The 133 payload is an AuthIP payload, an IKE extension that we have
> introduced in Vista.
>
> The 133 payload is sent under exchange type 243. Looks like what is
> happening is that the linux implementation is accepting the exchange
> type 243 packet (it should drop it) and failing the negotiation when it
> finds a 133 payload in the packet.
>

-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
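
The check the quoted Microsoft explanation describes (drop a packet whose exchange type is unsupported before touching its payloads), as an added example that is not part of the original mail and not Openswan's code. Header offsets and the private-use ranges come from RFC 2408; the function and verdict names and the sample packet are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ISAKMP fixed header, RFC 2408 section 3.1: 28 bytes. */
enum { HDR_LEN = 28, OFF_NEXT_PAYLOAD = 16, OFF_EXCHANGE = 18, OFF_LENGTH = 24 };
/* Verdict names are hypothetical, chosen for this example. */
enum verdict { V_PROCESS, V_DROP_MALFORMED, V_DROP_EXCHANGE, V_PRIVATE_PAYLOAD };

/* Exchange types this example treats as supported: 2 (Identity Protection),
 * 4 (Aggressive), 5 (Informational), 32 (Quick Mode), 33 (New Group Mode). */
static int exchange_supported(uint8_t x)
{
    return x == 2 || x == 4 || x == 5 || x == 32 || x == 33;
}

/* Looks at the fixed header only. The exchange type is tested before the
 * payload chain, so a private-use exchange (240-255, such as 243) is dropped
 * and a private-use payload inside it (128-255, such as 133) is never parsed. */
enum verdict classify_isakmp(const uint8_t *pkt, size_t len)
{
    if (pkt == NULL || len < HDR_LEN)
        return V_DROP_MALFORMED;
    uint32_t declared = ((uint32_t)pkt[OFF_LENGTH] << 24) | ((uint32_t)pkt[OFF_LENGTH + 1] << 16)
                      | ((uint32_t)pkt[OFF_LENGTH + 2] << 8) | (uint32_t)pkt[OFF_LENGTH + 3];
    if (declared < HDR_LEN || declared > len)
        return V_DROP_MALFORMED;
    if (!exchange_supported(pkt[OFF_EXCHANGE]))
        return V_DROP_EXCHANGE;
    return pkt[OFF_NEXT_PAYLOAD] >= 128 ? V_PRIVATE_PAYLOAD : V_PROCESS;
}

/* Constructed sample: header-only packet with the given field values. */
void make_header(uint8_t buf[HDR_LEN], uint8_t next_payload, uint8_t exchange)
{
    memset(buf, 0, HDR_LEN);
    buf[OFF_NEXT_PAYLOAD] = next_payload;
    buf[17] = 0x10;                /* version 1.0 */
    buf[OFF_EXCHANGE] = exchange;
    buf[OFF_LENGTH + 3] = HDR_LEN; /* length field, big-endian */
}

int main(void)
{
    uint8_t pkt[HDR_LEN];
    make_header(pkt, 133, 243);
    printf("exchange 243, payload 133 -> verdict %d\n", classify_isakmp(pkt, sizeof pkt));
    return 0;
}
```

With the same payload 133 placed under a supported exchange type such as 2, the function returns `V_PRIVATE_PAYLOAD` instead, which is the point where a receiver has to decide whether to skip the payload or fail the negotiation.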

