Bug#359183: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=359183

Thu, 19 Aug 2010 07:18:34 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


>>>>> "Harald" == Harald Jenny <har...@a-little-linux-box.at> writes:
    Harald> On Tue, Jun 08, 2010 at 09:01:41AM -0400, Paul Wouters
    Harald> wrote:
    >> On Tue, 8 Jun 2010, Michael Richardson wrote:
    >> 
    >> >Please remember that XAUTH for IKEv1 was never standardized.
    >> >
    >> >May 11 09:22:10 mykerinos pluto[21853]: "onera" #1: ignoring
    >> unknown Vendor ID payload [afca071368a1f1c96b8696fc77570100]
    >> 
    >> that vendorid suggest Fortigate.

    Harald> As this bug is really old and was pi..ing me off already I
    Harald> have done some testing - not with a Fortigate but with two
    Harald> openswans, one with 2.4.12 and one with 2.6.28, and these
    Harald> are the results:

This is the major reason why we prefer to always have both "client" and
"gateway" side for every protocol --- so that we can validate that
something works.  We might be wrong, but at least we can debug our own
code. 

XAUTH has client push and gateway pull modes.

Which to use, and when, is not communicated in the protocol (one of the
results of having the IETF decline to publish the document is that the
document did not get clarified).

I'm glad that this worked for you and that we can close this bug:
whether or not it works with Fortigate or not depends upon what they
implemented.   My opinion is that if Fortigate wants to validate if it
works with them, that they can get a debian live CD and ... try it out.

- -- 
]       He who is tired of Weird Al is tired of life!           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] m...@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
   Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
                       then sign the petition. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Finger me for keys

iQEVAwUBTG06toCLcPvd0N1lAQItAwgAjWOebOKeyk7wli5aUz4MKd7Nxsy77f/4
AfoB6iPyJ5bAOhSKBw/BMCtbnx37Qna6vAQ7UCgotcDQ77P3tyYOPkPctgpvNCWd
UeeZ1Z77u3SPYCeuXzewYvG1e3g2qf5Vmr24ez+LONuedlayBDA9k9D0OSf/i+6v
JXF+W94/rkMPch4TlgfQSYrJG29cP21mPLzd6QKknjNYdFwUR4rR6o2GwIOVbDfq
qX9zCzwEyZj309I5o5vdhqLuz939NaO22GM/5mv7yylT8fh5sNcYhRNkuZzA1QxZ
7qh8hQiAcxWS5hwmKtzKyZX2RfCA1U1CCcWIxpbGGmzefgjK78BziQ==
=hm4I
-----END PGP SIGNATURE-----



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to