[Openswan Users] Trying to get Openswan working Ubuntu to Cisco ASA 5510

Paul Wouters paul at xelerance.com
Wed Mar 10 00:05:25 EST 2010


On Tue, 9 Mar 2010, Michael H. Warfield wrote:

[aggressive mode]

> We now know that we can, in
> fact, generate multiple proposals, provided the DH group is at least
> kept constant, since that's what vpnc is doing.

Note that "some implementation can do this" is not the same as being RFC
compliant. What is needed is the check with the proper RFCs to see if
this is indeed valid, and if so, update the code.

>  Fixing that would seem
> to cover a wealth of sins with these Cisco boxes.  Any hope for that?

Though we'd gladly accept patches, I think people would rather put their
energy into IKEv2 than into fixing IKEv1 Aggressive Mode.

Michael (Richardson), can you perhaps tell us more about why Openswan
claims there can only be one proposal in Aggressive Mode?

Paul

