[strongSwan] disable sending vendor id

Marco Berizzi pupilla at hotmail.com
Mon Jan 17 14:29:12 CET 2022


Hello,

yes indeed, you are right.
I noticed, unfortunately the regression
introduced by microsoft is not fixable
from strongswan's point of view.

Marco

From: Rajiv Kulkarni <rajivkulkarni69 at gmail.com>
Sent: Monday, January 17, 2022 1:10 PM
To: Marco Berizzi <pupilla at hotmail.com>
Cc: users at lists.strongswan.org <users at lists.strongswan.org>
Subject: Re: [strongSwan] disable sending vendor id 
 
Hi 

Actually, by default Strongswan is configured with NOT sending Vendor_id....but you can make it explicit by enabling/uncommenting the setting in "../Strongswan.d/charon.conf" file as below:

# Send strongSwan vendor ID payload                                    
  send_vendor_id = no

hope this helps

thanks & regards
Rajiv




On Fri, Jan 14, 2022 at 3:10 PM Marco Berizzi <pupilla at hotmail.com> wrote:
Hello everyone,

kindly, I would like to know if there is a way to 
make strongswan not send the 'vendor id'. 
Unfortunately the windows 10 update kb5009543 
introduced this regression:

"After installing this update, IP Security 
(IPSEC) connections that contain a Vendor ID might 
fail. VPN connections using Layer 2 Tunneling 
Protocol (L2TP) or IP security Internet Key 
Exchange (IPSEC IKE) might also be affected.


To mitigate the issue for some VPNs, you can 
disable Vendor ID within the server-side 
settings.

Note Not all VPN servers have the option to 
disable Vendor ID from being used.

We are presently investigating and will provide an 
update in an upcoming release."

Thanks in advance
Marco


More information about the Users mailing list