Thread: nat-t openswan interop problem Win2003




2006-01-03 16:24:31
>>>>> "Jacco" == Jacco de Leeuw <jacco2dds.nl> writes:
    Jacco> Windows Server 2003 does not support the draft-02 vendorid without
    Jacco> the extra newline character. If you modify Openswan to send both
    Jacco> vendorids (the ones with and without the newline) then the NAT-T
    Jacco> negotiation will continue.

  Sigh. Stupid MS.
  Can't they issue a patch faster than that? draft-02 is probably close to
three years old!

    Jacco> Ignoring the Commit flag, ISAKMP_NEXT_HASH and
    Jacco> INVALID_PAYLOAD_TYPE errors for the moment, could it be a bug in
    Jacco> Win2003 where it always uses a client ID consisting of the
    Jacco> external IP address of the NAT router?

  Well, if you think about it, the client *CAN'T* know the external IP.
It's a bug in Openswan. We have preliminary patches, but they won't be
released yet.

-- 
]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcrxelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
_______________________________________________
Dev mailing list
Devopenswan.org
http://lists.openswan.org/mailman/listinfo/dev

2006-01-03 21:50:22
Michael Richardson wrote:

>   Sigh. Stupid MS.
>   Can't they issue a patch faster than that? draft-02 is probably close to
> three years old!

Perhaps they fixed it in Windows 2003 R2 or Vista but I haven't tried.
This is how Microsoft works, you pay for new features...

Can you add VID_NATT_IETF_02_N to the list of VIDs or does it break things?
If it works it would add Netscreen NAT-T interoperability as a bonus.

>   Well, if you think about it, the client *CAN'T* know the external IP.

How do the Windows clients know it then? Or do you think they just ignore it?

> It's a bug in Openswan. We have preliminary patches, but they won't be
> released yet.

I don't know if you have already tested those patches but you can download
a Windows 2003 trial copy from the Microsoft website.

Jacco
-- 
Jacco de Leeuw                         mailto:jacco2dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl
                     Mosquitos suck