[Openswan Users] Cisco and Win2003 fixes in Openswan 2.4.10

Jacco de Leeuw jacco2 at dds.nl
Sun Feb 24 16:48:43 EST 2008

From the Openswan 2.4.10 changelog:

  #449: 17/%any is a template conn problem [mcr]
  #802: Error: "our client ID returned doesn't match my proposal" [mcr/paul]

These fix problems with Cisco and Windows Server 2003 based L2TP/IPsec
servers. Couple of questions:

- I see that the bug relating to the Cisco problem is closed, but has
  anyone confirmed that by actually connecting to one?

- When connecting to a Cisco server, the following is logged:
  "Allowing bad L2TP/IPsec proposal (see bug #849) anyway".
  I suppose this refers to bug #449 as well? Bug #849 is not
  listed in the changelog.

- Windows Server 2003 and ISA Server 2006 also send bad L2TP/IPsec
  proposals: they are confused about subnets in the negotiation.
  However, unlike the Cisco fix, the workaround in Openswan 2.4.10 is
  not enabled by default. You have to define ALLOW_MICROSOFT_BAD_PROPOSAL
  to enable the workaround. Are there any cons in enabling it? Or is it
  a matter of waiting for Microsoft to fix their stuff?

- Is there anyone who tried connecting to Windows Server 2008?
  I don't suppose Microsoft has fixed the problem mentioned above?

Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl
