[strongSwan] DPD [lack of] interoperability between strongswan and Cisco IOS

Martin Willi martin at strongswan.org
Mon Jun 10 14:48:17 CEST 2013


> parsed ID_PROT response 0 [ KE No V V V V NAT-D NAT-D ]
> generating ID_PROT request 0 [ ID HASH ]

I don't see that charon processes any vendor IDs in the second MM
response. 

When I send some vendor IDs in that message, the initiator processes
them properly:

> parsed ID_PROT response 0 [ KE No V V V V V NAT-D NAT-D ]
> received strongSwan vendor ID
> received XAuth vendor ID
> received DPD vendor ID
> received Cisco Unity vendor ID
> received NAT-T (RFC 3947) vendor ID
> generating ID_PROT request 0 [ ID HASH ]

Can you please double-check that you are running the correct, patched
version?

If this is the case, you may try to add some additional debugging to
isakmp_vendor.c, as I can't reproduce the issue here with the patch
applied.

Regards
Martin





More information about the Users mailing list