[strongSwan] DPD [lack of] interoperability between strongswan and Cisco IOS

Olivier PELERIN olivier_pelerin at hotmail.com
Mon Jun 10 18:01:52 CEST 2013


That's indeed weird. I don't see anything in strongSwan debugs about the vendor-ID payload.

It's in the 4th packet of the packet capture and to answer your question, the /usr/sbin/ipsec file is indeed the new one.



It's exactly the time when I've emerged the sw 
> Subject: Re: [strongSwan] DPD [lack of] interoperability between strongswan and Cisco IOS
> From: martin at strongswan.org
> To: olivier_pelerin at hotmail.com
> CC: users at lists.strongswan.org
> Date: Mon, 10 Jun 2013 14:48:17 +0200
> 
> 
> > parsed ID_PROT response 0 [ KE No V V V V NAT-D NAT-D ]
> > generating ID_PROT request 0 [ ID HASH ]
> 
> I don't see that charon processes any vendor IDs in the second MM
> response. 
> 
> When I send some vendor IDs in that message, the initiator processes
> them properly:
> 
> > parsed ID_PROT response 0 [ KE No V V V V V NAT-D NAT-D ]
> > received strongSwan vendor ID
> > received XAuth vendor ID
> > received DPD vendor ID
> > received Cisco Unity vendor ID
> > received NAT-T (RFC 3947) vendor ID
> > generating ID_PROT request 0 [ ID HASH ]
> 
> Can you please double-check that you are running the correct, patched
> version?
> 
> If this is the case, you may try to add some additional debugging to
> isakmp_vendor.c, as I can't reproduce the issue here with the patch
> applied.
> 
> Regards
> Martin
> 
 		 	   		  
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ikev1.cap
Type: application/octet-stream
Size: 2010 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130610/4de2d824/attachment.obj>

