Re: [Users] protocol/port in Phase 1 ID Payload must be 0/0 or

On Wed, 2004-02-25 at 13:40, Jorge Costa wrote:
> Hi,
>
> In last November there were on the users mailling list some questions

Hi!

Cisco 800 Series has a bug in their IKE implementation that will prevent keyexchange with FreeSWAN. While Cisco is wrong according to the RFC, the bug can be easily fixed on FreeSWAN side.

Unfortunately the FreeSWAN developer community wants to stick close to the RFC and will not offer a workaround.

For more on this discussion, see the list archives. Here are some relevant entries:  

http://lists.freeswan.org/pipermail/users/2003-January/017808.htmlhttp://lists.freeswan.org/pipermail/design/2002-January/001810.htmlhttps://lists.freeswan.org/archives/users/2003-November/msg00005.htmlhttps://lists.freeswan.org/archives/design/2003-November/msg00002.htmlhttps://lists.freeswan.org/archives/users/2003-November/msg00007.htmlhttps://lists.freeswan.org/archives/design/2003-November/msg00004.html

This tiny patch applies against 1.99 and everything works for me:

http://ristic.info/files/linux-freeswan.patch

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.freeswan.org Links 1998-fall 1998-spring 1998-summer 1998-winter 1999-winter announce briefs bugs design freeswan-list hipsec ietf-sectest users users-admin Request more information about Pantek

Regards

        Thomas Ristic