Hi all,
the attached patch against the vpnc-nortel branch adds
support for the Fritz!Box VPN's behaviour.
AFAIU it, the flow is as follows:
* vpnc suggests a lifetime of 2147483
* the fritzbox does not like lifetimes of > 1 hour
  => this triggers an assert() in lifetime_ike_process()
* if the assert is skipped, we later bail out in do_phase1_am_packet2()
  due to an unknown ISAKMP_PAYLOAD_N
The patch now does:
* disarm the assert() in lifetime_ike_process(), instead just log
  a debug message
* add parsing of the lifetime attribute for ISAKMP_PAYLOAD_N in
  do_phase1_am_packet2()
With this, vpnc adapts to the server-suggested 3600 seconds lifetime.
Note: this patch was developed simply by watching and interpreting the
debug output of vpnc, no reading of the RFCs or similar was involved.
Especially, I have almost zero knowledge of IPSEC, ISAKMP and similar.
Best regards,
Stefan
--
Stefan Seyfried
"Dispatch war rocket Ajax to bring back his body!"
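
An added example, not part of the attached patch or of vpnc's code: a bounds-checked parser for the lifetime attributes a peer can send in notification data, plus a lifetime choice that accepts the peer's shorter value instead of asserting. It assumes the ISAKMP attribute encoding from RFC 2408 section 3.3 and the IKE phase 1 attribute numbers from RFC 2409 Appendix A; the function names, the "take the shorter lifetime" policy and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define ATTR_AF_TV        0x8000u /* AF bit set: a 2-byte value follows the type */
#define IKE_LIFE_TYPE     11      /* RFC 2409 Appendix A */
#define IKE_LIFE_DURATION 12
#define LIFE_TYPE_SECONDS 1

/* Constructed sample: life type = seconds (TV), life duration = 3600 (TLV). */
const uint8_t sample_attrs[] = { 0x80, 0x0b, 0x00, 0x01,
                                 0x00, 0x0c, 0x00, 0x04, 0x00, 0x00, 0x0e, 0x10 };

/* Hypothetical helper. Returns 0 and sets *seconds if a lifetime in seconds
 * was found, 1 if the data holds none, -1 if the data is malformed. */
int parse_lifetime_attrs(const uint8_t *p, size_t len, uint32_t *seconds)
{
    int type_is_seconds = 0, found = 0;
    while (len > 0) {
        if (len < 4)
            return -1;                    /* truncated attribute header */
        uint16_t type = (uint16_t)(p[0] << 8 | p[1]);
        uint16_t lv = (uint16_t)(p[2] << 8 | p[3]);
        const uint8_t *val = p + 2;       /* TV: value is the 2 bytes after type */
        size_t vlen = 2, step = 4;
        if (!(type & ATTR_AF_TV)) {       /* TLV: lv is the length of the value */
            if (lv > len - 4)
                return -1;                /* peer-supplied length overruns buffer */
            val = p + 4; vlen = lv; step = 4 + (size_t)lv;
        }
        type &= 0x7fff;
        if (type == IKE_LIFE_TYPE) {
            type_is_seconds = (vlen == 2 && val[0] == 0 && val[1] == LIFE_TYPE_SECONDS);
        } else if (type == IKE_LIFE_DURATION && type_is_seconds) {
            if (vlen == 0 || vlen > 4)
                return -1;                /* does not fit a 32-bit lifetime */
            uint32_t v = 0;
            for (size_t i = 0; i < vlen; i++) v = v << 8 | val[i];
            *seconds = v; found = 1;
        }
        p += step; len -= step;
    }
    return found ? 0 : 1;
}

/* Assumed policy: accept a shorter peer lifetime, never a longer or zero one. */
uint32_t effective_lifetime(uint32_t proposed, uint32_t peer)
{
    return (peer != 0 && peer < proposed) ? peer : proposed;
}
```

Because the attribute lengths come from the remote peer, malformed input is reported with an error return rather than an assert(), so a bad packet cannot abort the client.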