On 5/19/2018 1:04 PM, Maxime Villard wrote:
On 19/05/2018 at 16:57, Chuck Zmudzinski wrote:
A little more information on my setup from what racoon logs show:
May 13 12:17:11 ave racoon: INFO: respond new phase 1 negotiation:
May 13 12:17:11 ave racoon: INFO: begin Identity Protection mode.
May 13 12:17:11 ave racoon: INFO: received broken Microsoft ID: MS
May 13 12:17:11 ave racoon: INFO: received Vendor ID: RFC 3947
May 13 12:17:11 ave racoon: INFO: received Vendor ID:
May 13 12:17:11 ave racoon: INFO: received Vendor ID: FRAGMENTATION
May 13 12:17:11 ave racoon: [18.104.22.168] INFO: Selected NAT-T
version: RFC 3947
This is from a Microsoft Windows 10 client, and it reports using RFC
Nat-t version, yet in the NetBSD 7.x udp_usrreq.c code, my system is
the UDP_ENCAP_ESPINUDP_NON_IKE case but I had to edit the skip
that case to what skip would be if the INP_ESPINUDP case was selected in
udp_usrreq.c to get my setup to work with the windows clients. If is
to me, but my patch does work with windows clients but I don't know
patch breaks other cases.
Well, at a first glance it looks like there's a problem with racoon.
uses RFC3947, it shouldn't use non-IKE markers.
That's what I was thinking also, but as I said I am using Microsoft
clients with the AssumeUDPEncapsulationContextOnSendRule value set to 2
in the Windows registry, and maybe that is tricking racoon into using non-IKE markers. I can try
Windows clients with that value set to 0 or 1 and see if racoon is still
using non-IKE markers.
Next week I will have some time to do some debugging and test my
configuration also with a non-Windows client and see if it is still using
non-IKE markers. I can try an iPhone client and I also got a NetBSD
client that uses racoon to work with my patch but I never checked if it
used non-IKE markers in that case. I will let you know what I find.
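
For reference, an added example (not code from this thread or from NetBSD's udp_usrreq.c) that models the two ESP-in-UDP framings discussed above: RFC 3948, where ESP follows the UDP header directly and IKE carries a four-byte zero non-ESP marker, and the earlier Internet-Draft framing, where ESP is preceded by an eight-byte zero non-IKE marker. The names `espinudp_skip`, `esp_spi` and `ENCAP_*` are hypothetical, the packets are constructed, and offsets are relative to the start of the UDP payload.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names for this example; not the kernel's identifiers. */
enum encap_mode { ENCAP_RFC3948, ENCAP_DRAFT_NON_IKE };
#define ESP_MIN 8   /* SPI (4 bytes) + sequence number (4 bytes) */

/* Constructed port-4500 UDP payloads (UDP header already removed). */
static const uint8_t rfc_esp[] = { 0x11,0x22,0x33,0x44, 0,0,0,1,
    0xde,0xad,0xbe,0xef, 1,2,3,4, 5,6,7,8 };
static const uint8_t draft_esp[] = { 0,0,0,0, 0,0,0,0,   /* non-IKE marker */
    0x11,0x22,0x33,0x44, 0,0,0,1, 0xde,0xad,0xbe,0xef, 1,2,3,4, 5,6,7,8 };
static const uint8_t rfc_ike[] = { 0,0,0,0,              /* non-ESP marker */
    0xa1,0xb2,0xc3,0xd4, 0xe5,0xf6,0x07,0x18 };          /* constructed cookie */

/* Bytes to skip from the start of the UDP payload to reach the ESP header,
 * or -1 when the datagram is not ESP in this mode and is left for the IKE daemon. */
int espinudp_skip(enum encap_mode mode, const uint8_t *p, size_t len)
{
    static const uint8_t zero[8] = { 0 };

    if (mode == ENCAP_RFC3948) {
        /* ESP starts at once with a non-zero SPI; four zero bytes mean IKE. */
        if (len <= ESP_MIN || memcmp(p, zero, 4) == 0)
            return -1;
        return 0;
    }
    /* Draft framing: ESP follows eight zero bytes; IKE starts with a non-zero cookie. */
    if (len <= 8 + ESP_MIN || memcmp(p, zero, 8) != 0)
        return -1;
    return 8;
}

/* SPI of the encapsulated ESP packet, or 0 if the payload is not treated as ESP. */
uint32_t esp_spi(enum encap_mode mode, const uint8_t *p, size_t len)
{
    int skip = espinudp_skip(mode, p, len);
    if (skip < 0)
        return 0;
    p += skip;
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

int main(void)
{
    printf("rfc esp, rfc mode:   spi=%08x\n", (unsigned)esp_spi(ENCAP_RFC3948, rfc_esp, sizeof rfc_esp));
    printf("rfc esp, draft mode: skip=%d\n", espinudp_skip(ENCAP_DRAFT_NON_IKE, rfc_esp, sizeof rfc_esp));
    printf("draft esp, rfc mode: skip=%d\n", espinudp_skip(ENCAP_RFC3948, draft_esp, sizeof draft_esp));
    return 0;
}
```

When the receiver's mode does not match the framing the peer actually sends, the model returns -1 for the peer's ESP traffic, so it is never decapsulated.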