List Info

Thread: MODECFG/IKECFG/MODE CONFIG openswan server and third party clients
MODECFG/IKECFG/MODE CONFIG openswan server and third party clients
user name
 2006-12-05 12:34:59 
Hi,

Recently I was working on the problem of modeconfig
compatibility
between openswan server and softremote third-party client.
I found the reason why this doesn't work properly and
implemented a
workaround on openswan server. The problem and solution is
explained
in detail here:

http://popoludnica
.pl/?id=10100110

Openswan implements the modeconfig in a different way then
all other
solutions I've seen. I can't find out which behaviour is
correct - it
looks like the details of deriving initialization vector iv
for
payload encryption of mode config messages are not clearly
defined in
ikecfg draft.

Can anyone elaborate on this please?

Reagards!

--
Anna Wiejak
_______________________________________________
Dev mailing list
Devopenswan.org
http:/
/lists.openswan.org/mailman/listinfo/dev
MODECFG/IKECFG/MODE CONFIG openswan server and third party clients
user name
 2006-12-05 16:42:00 
On Tue, 5 Dec 2006, Anna Wiejak wrote:

> Recently I was working on the problem of modeconfig
compatibility
> between openswan server and softremote third-party
client.
> I found the reason why this doesn't work properly and
implemented a
> workaround on openswan server. The problem and solution
is explained
> in detail here:
>
> http://popoludnica
.pl/?id=10100110

Thanks. I took a quick peek to put this in a bug report, but
had a
hard time reading it on your website. The text scrolls out
of screen
and is tiny  I'll grab
it and read it over.

> Can anyone elaborate on this please?

We are currently quite busy, so this item might not get
attention
immediately, but we should pick it up in a few weeks. I'll
make
sure it gets an entry in bugs.openswan.org today so we won't
forget.

Thanks for your work on figuring out things!

Paul
-- 
Building and integrating Virtual Private Networks with
Openswan:
http://www.amazon.com/gp/product/1904811
256/104-3099591-2946327?n=283155
_______________________________________________
Dev mailing list
Devopenswan.org
http:/
/lists.openswan.org/mailman/listinfo/dev
MODECFG/IKECFG/MODE CONFIG openswan server and third party clients
user name
 2006-12-05 17:33:34 
On Tue, 5 Dec 2006, Paul Wouters wrote:

> > http://popoludnica
.pl/?id=10100110

> > Can anyone elaborate on this please?

Hi Anna,

I read the page and your descriptions, and created:

http://bugs
.xelerance.com/view.php?id=709

Though the patch seems small, it does change modeconfig
quite a bit. So I
am tempted to not apply this to 2.4.x, but use the newer
2.5.x branch. I
will let Michael decide.

I think we should perhaps add an option to choose between
using the IV from
phase1 or phase2, so we can support both on a per-conn
basis.

Michael?

Paul
_______________________________________________
Dev mailing list
Devopenswan.org
http:/
/lists.openswan.org/mailman/listinfo/dev
[1-3]

about | contact  Other archives ( Real Estate discussion Medical topics )