nat-t openswan interop problem Win2003

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


>>>>> "Jacco" == Jacco de Leeuw
<jacco2dds.nl> writes:
    Jacco> Michael Richardson wrote:

    >> Sigh. Stupid MS.  Can't they issue a patch
faster than that? 
    >> draft-02 is probably close to three years old!

    Jacco> Perhaps they fixed it in Windows 2003 R2 or
Vista but I
    Jacco> haven't tried.  This is how Microsoft works,
you pay for new
    Jacco> features...

  So, who pays us to add work arounds for features that you
didn't pay
us?  It is a serious question.  Why should open source
maintainers take
time away from adding new features to support interoperating
with people
who were too cheap to pay their yearly tithe to microsoft?


    Jacco> Can you add VID_NATT_IETF_02_N to the list of
VIDs or does it
    Jacco> break things?  If it works it would add
Netscreen NAT-T
    Jacco> interoperability as a bonus.

  I don't see why we can't add that. It's simple enough.
It's just
frustrating to waste time like this.

    >> Well, if you think about it, the client *CAN'T*
know the external
    >> IP.

    Jacco> How do the Windows clients know it then? Or do
you think they
    Jacco> just ignore it?

  Openswan is actually copying the external IP over the
phase 2 proposal
before interpreting it. It's a bug.

    >> It's a bug in Openswan. We have preliminary
patches, but they
    >> won't be released yet.

    Jacco> I don't know if you have already tested those
patches but you
    Jacco> can download a Windows 2003 trial copy from
the Microsoft
    Jacco> website.

  See above, re: who pays for this.

- -- 
]       ON HUMILITY: to err is human. To moo, bovine.       
   |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON
   |net architect[
] mcrxelerance.com      http://www.san
delman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel
hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Finger me for keys

iQEVAwUBQ7v0+oCLcPvd0N1lAQI1oQgAjAz0lWvkpAPwTC7jwKF+nowFVSdv
2lE8
5Pjl/bKKRoAu0Q1FfNz1vGjaTu7XdW+LDuyWPvclWxX4n9okAl0C92cF8MjF
fQCi
LD6y5863pm+aszDdlvVPzTcUU176DwEwZDMtQrdfnBV/ZZb20mMD9Qs6aS3c
T/Ie
Wd39QHBNi5OxYHBx5+XD1MQRtNBhbvIxVfltQO9sRwE2YGQhDoj1/KrNoVdv
3AOQ
vRNWxBkyqJjbxYu2puvnNLxno6Mg62UDYvfK5ApIgfycOEST9Z9TlMqvsb/a
IUVm
6FIFNZKYJoIL0rYxsKbzkgZfnaMW1JAFqqxt2jfSHUrKuPLtHEDtSA==
=0u9z
-----END PGP SIGNATURE-----
_______________________________________________
Dev mailing list
Devopenswan.org
http:/
/lists.openswan.org/mailman/listinfo/dev

Michael Richardson wrote:

>     Jacco> Perhaps they fixed it in Windows 2003 R2
or Vista but I
>     Jacco> haven't tried.  This is how Microsoft
works, you pay for new
>     Jacco> features...

Perhaps I wasn't clear but this was meant to be a cynical
remark about
Microsoft's upgrade policy. I expect RFC 3947 support to be
only in
Vista or possibly Windows 2003 R2. No, I don't like this
either.

This situation has happened before: in 2003 Microsoft
employees said that
a NAT-T server-side update would be released for Windows
2000 Server, but
later it turned out that only Windows 2003 would support
server-side NAT-T.
This was strictly a business decision because they did
release a client-side
NAT-T update for Windows 2000 Professional.

> So, who pays us to add work arounds for features that
you didn't pay
> us?  It is a serious question.  Why should open source
maintainers take
> time away from adding new features to support
interoperating with people
> who were too cheap to pay their yearly tithe to
microsoft?

I'm not sure what you are getting at.

I reported two issues. The first one was caused by an honest
mistake
of the RFC maintainer. Microsoft chose to interpret the MD5
calculation
one way, you chose the other way. There is much to say about
Microsoft's
unfair business practices but this is not one of them. The
second issue
is an Openswan bug, according to yourself.

I don't know the ins and outs of Openswan's funding. What
exactly do you
want people to pay for? What do they get in return? How do
you wish to be
paid? Do you want people to buy the book? Is there a Paypal
account?
T-shirts to buy? Mugs? You should put this kind of
information on your
website.

Jacco
-- 
Jacco de Leeuw                         mailto:jacco2dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl
                     Mosquitos suck
_______________________________________________
Dev mailing list
Devopenswan.org
http:/
/lists.openswan.org/mailman/listinfo/dev

On Wed, 4 Jan 2006, Jacco de Leeuw wrote:

> Michael Richardson wrote:
>
>>     Jacco> Perhaps they fixed it in Windows 2003
R2 or Vista but I
>>     Jacco> haven't tried.  This is how Microsoft
works, you pay for new
>>     Jacco> features...
>
> Perhaps I wasn't clear but this was meant to be a
cynical remark about
> Microsoft's upgrade policy. I expect RFC 3947 support
to be only in
> Vista or possibly Windows 2003 R2. No, I don't like
this either.
>
> This situation has happened before: in 2003 Microsoft
employees said that
> a NAT-T server-side update would be released for
Windows 2000 Server, but
> later it turned out that only Windows 2003 would
support server-side NAT-T.
> This was strictly a business decision because they did
release a client-side
> NAT-T update for Windows 2000 Professional.
>
>> So, who pays us to add work arounds for features
that you didn't pay
>> us?  It is a serious question.  Why should open
source maintainers take
>> time away from adding new features to support
interoperating with people
>> who were too cheap to pay their yearly tithe to
microsoft?
>
> I'm not sure what you are getting at.
>
> I reported two issues. The first one was caused by an
honest mistake
> of the RFC maintainer. Microsoft chose to interpret the
MD5 calculation
> one way, you chose the other way. There is much to say
about Microsoft's
> unfair business practices but this is not one of them.
The second issue
> is an Openswan bug, according to yourself.

I know I fixed this in my GIT tree, I'll backport it into
2.4.5 tree.

Ken
_______________________________________________
Dev mailing list
Devopenswan.org
http:/
/lists.openswan.org/mailman/listinfo/dev

On Wed, 4 Jan 2006, Ken Bantoft wrote:

>
> On Wed, 4 Jan 2006, Jacco de Leeuw wrote:
>
>> Michael Richardson wrote:
>>
>>>     Jacco> Perhaps they fixed it in Windows
2003 R2 or Vista but I
>>>     Jacco> haven't tried.  This is how
Microsoft works, you pay for new
>>>     Jacco> features...
>> 
>> Perhaps I wasn't clear but this was meant to be a
cynical remark about
>> Microsoft's upgrade policy. I expect RFC 3947
support to be only in
>> Vista or possibly Windows 2003 R2. No, I don't like
this either.
>> 
>> This situation has happened before: in 2003
Microsoft employees said that
>> a NAT-T server-side update would be released for
Windows 2000 Server, but
>> later it turned out that only Windows 2003 would
support server-side NAT-T.
>> This was strictly a business decision because they
did release a 
>> client-side
>> NAT-T update for Windows 2000 Professional.
>> 
>>> So, who pays us to add work arounds for
features that you didn't pay
>>> us?  It is a serious question.  Why should open
source maintainers take
>>> time away from adding new features to support
interoperating with people
>>> who were too cheap to pay their yearly tithe to
microsoft?
>> 
>> I'm not sure what you are getting at.
>> 
>> I reported two issues. The first one was caused by
an honest mistake
>> of the RFC maintainer. Microsoft chose to interpret
the MD5 calculation
>> one way, you chose the other way. There is much to
say about Microsoft's
>> unfair business practices but this is not one of
them. The second issue
>> is an Openswan bug, according to yourself.
>
> I know I fixed this in my GIT tree, I'll backport it
into 2.4.5 tree.
>

Let me clarify - I fixed the sending of draft 02_N (which I
just commited 
to CVS).  I only just read about the other errors happening
with win2k3 
you found.

Ken
_______________________________________________
Dev mailing list
Devopenswan.org
http:/
/lists.openswan.org/mailman/listinfo/dev