[strongSwan] strongswan 4.6.4 and IOS6
Martin Willi
martin at strongswan.org
Thu Nov 15 10:38:23 CET 2012
Hi Andreas,
> pluto[1640]: packet from 192.168.1.100:9873: next payload type of
> ISAKMP Message has an unknown value: 132
In some situations, iOS6 now uses the Cisco proprietary IKE
fragmentation, even if strongSwan did not indicate support for it. IKE
fragmentation is currently not supported in strongSwan.
> I read that the VPN tunnel should work with strongswan 5.
The new IKEv1 implementation in strongSwan 5.x can't handle IKE
fragmentation, either.
> Is there a patch for strongswan 4.6.4. to enable the VPN tunnel with
> IOS6.
No. I don't know what the exact parameters are when iOS6/racoon switches
to IKE fragmentation. It works with some (shorter?) certificates, but
not with others.
Regards
Martin
More information about the Users
mailing list