[strongSwan] DPD [lack of] interoperability between strongswan and Cisco IOS
Olivier PELERIN
olivier_pelerin at hotmail.com
Mon Jun 10 18:01:52 CEST 2013
That's indeed wierd. I dont see anything in Strongswan debugs about the vendor-ID payload.
It's in the 4th packet of the packet capture and to answer your question, the /usr/sbin/ipsec file is indeed the new one.
It's exactly the time when I've emerged the sw
> Subject: Re: [strongSwan] DPD [lack of] interoperability between strongswan and Cisco IOS
> From: martin at strongswan.org
> To: olivier_pelerin at hotmail.com
> CC: users at lists.strongswan.org
> Date: Mon, 10 Jun 2013 14:48:17 +0200
>
>
> > parsed ID_PROT response 0 [ KE No V V V V NAT-D NAT-D ]
> > generating ID_PROT request 0 [ ID HASH ]
>
> I don't see that charon processes any vendor IDs in the second MM
> response.
>
> When I send some vendor IDs in that message, the initiator processes
> them properly:
>
> > parsed ID_PROT response 0 [ KE No V V V V V NAT-D NAT-D ]
> > received strongSwan vendor ID
> > received XAuth vendor ID
> > received DPD vendor ID
> > received Cisco Unity vendor ID
> > received NAT-T (RFC 3947) vendor ID
> > generating ID_PROT request 0 [ ID HASH ]
>
> Can you please double-check that you are running the correct, patched
> version?
>
> If this is the case, you may try to add some additional debugging to
> isakmp_vendor.c, as I can't reproduce the issue here with the patch
> applied.
>
> Regards
> Martin
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130610/4de2d824/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ikev1.cap
Type: application/octet-stream
Size: 2010 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130610/4de2d824/attachment.obj>
More information about the Users
mailing list