Subject: Re: Cisco VPN interop
To: None <current-users@netbsd.org>
From: Wolfgang S. Rupprecht <wolfgang+gnus20040124T201156@dailyplanet.dontspam.wsrcc.com>
List: current-users
Date: 01/24/2004 20:33:53

tls@rek.tjls.com (Thor Lancelot Simon) writes:
> Ha!  No, you can't use racoon nor isakmpd to talk to a Cisco configured
> that way, because it's using the nonstandard and dangerous XAUTH
> extension to IKE.  But what's pretty funny is that using IKE that way
> lets *any* sonic.net customer steal any other sonic.net customer's
> password. [...]

Wow.  What a bombshell.  Thanks for spotting this f-up.  I'll
certainly pass the info on to Sonic.  They're a small independent ISP
that prides itself on doing things better than the big big boys.  This
will almost certainly make them wince in embarrassment -- hopefully
followed by them reaming Cisco a new one.

-wolfgang
-- 
Wolfgang S. Rupprecht 		     http://www.wsrcc.com/wolfgang/
       The above "From:" address is valid.  Don't mess with it.