[strongSwan] strongswan 4.6.4 and IOS6

Andreas Fett a.fett at gmx.de
Sat Nov 17 21:00:54 CET 2012


On Fri, Nov 16, 2012 at 05:16:06PM +0100, Gerd v. Egidy wrote:
> AFAIK Astaro/Sophos is using strongswan and they announced a patch for this 
> problem in their version 9.004 and 8.307:
> Their customers can download the binaries for some time and since today at 
> least the source for 9.004 is available here:
> http://download.astaro.de/GPL_source_code/
> I haven't had the time yet to take a look into it. But at least in theory the 
> patch should be somewhere in there.

I did have some time to look at it. You will find a patch implementing
Ciscos proprietary IKE fragmentation in the patches tarball in the
chroot-ipsec source rpm. It's based on Strongswan 4.4.1. I managed
to port (it did not apply cleanly) that patch to the 4.5.2 based
debian backports version and it at least compiles. Tests are still pending.

This is however a temporary workaround as this will surely not
work on 5.x. and therefore most likely never get into the
official srongswan repos.


The three chief virtues of a programmer are:
Laziness, Impatience and Hubris. -- Larry Wall
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20121117/969ae3c7/attachment.pgp>

More information about the Users mailing list