Re: [Users] ANNOUNCE: strongswan-2.0.0 released

The IKE/ISAKMP RFCs define a standardized set of error messages which can be sent to the peer in order to notify her/him of problems that occurred. Openswan contains the Notify patch coded by Mathieu Lafon, but error messages which are produced during Main Mode negotiation are usually not accepted, either because they are already encrypted or not yet encrypted. This generates very misleading warnings which are interpreted by most users as errors that occured on the own side, although the actual cause lies on the peer side.

My correction applies encryption to Notify messages as soon as the Diffie-Hellman secret becomes available and such messages will be accepted by the peer although he might not yet have reached the end of main mode. (This behaviour is in full compliance with the RFCs.

Regards

Andreas

  John P Santos wrote:

> Another question, what is this "Notification" that strongswan does that
> openswan does not?

Andreas Steffen                   e-mail: andreas.steffen@strongsec.com
strongSec GmbH                    home:   
http://www.strongsec.com
Alter Zürichweg 20                phone:  +41 1 730 80 64

==========================================[strong internet security]===

Content Security by MailMarshal

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.freeswan.org Links 1998-fall 1998-spring 1998-summer 1998-winter 1999-winter announce briefs bugs design freeswan-list hipsec ietf-sectest users users-admin Request more information about Pantek