[strongSwan] disable sending vendor id
Marco Berizzi
pupilla at hotmail.com
Mon Jan 17 14:29:12 CET 2022
Hello,
yes indeed, you are right.
I noticed, unfortunately the regression
introduced by microsoft is not fixable
from strongswan's point of view.
Marco
From: Rajiv Kulkarni <rajivkulkarni69 at gmail.com>
Sent: Monday, January 17, 2022 1:10 PM
To: Marco Berizzi <pupilla at hotmail.com>
Cc: users at lists.strongswan.org <users at lists.strongswan.org>
Subject: Re: [strongSwan] disable sending vendor id
Hi
Actually, by default Strongswan is configured with NOT sending Vendor_id....but you can make it explicit by enabling/uncommenting the setting in "../Strongswan.d/charon.conf" file as below:
# Send strongSwan vendor ID payload
send_vendor_id = no
hope this helps
thanks & regards
Rajiv
On Fri, Jan 14, 2022 at 3:10 PM Marco Berizzi <pupilla at hotmail.com> wrote:
Hello everyone,
kindly, I would like to know if there is a way to
make strongswan not send the 'vendor id'.
Unfortunately the windows 10 update kb5009543
introduced this regression:
"After installing this update, IP Security
(IPSEC) connections that contain a Vendor ID might
fail. VPN connections using Layer 2 Tunneling
Protocol (L2TP) or IP security Internet Key
Exchange (IPSEC IKE) might also be affected.
To mitigate the issue for some VPNs, you can
disable Vendor ID within the server-side
settings.
Note Not all VPN servers have the option to
disable Vendor ID from being used.
We are presently investigating and will provide an
update in an upcoming release."
Thanks in advance
Marco
More information about the Users
mailing list