On Jul 17, 2013, at 12:11 AM, Timo Teras <timo.teras@...> wrote:
> On Mon, 15 Jul 2013 11:33:26 -0500
> David Duchscher <daved@...> wrote:
>> We are a user of pfSense Firewall / Router and we were having some
>> problems using MacOS X Mountain Lion builtin VPN client with the
>> pfSense VPN server. On session rekey, ~45 minutes, it would prompt
>> for username and password. On our main VPN system at work, VPN worked
>> fine and I noticed the Cisco system did not do XAuth during rekey. I
>> googled to see if anybody else had this issue on pfSense, found many
>> posts on the issue but no fixes. I figured I would see could find a
>> solution and I came up with the following patch witch I submitted to
>> pfSense project.
>> One of the responses wondered if I had considered submitting this
>> upstream and so here I am. Hopefully my implementation has enough
>> merit for consideration.
> Looks similar to what I posted here earlier, see:
> There are differences. E.g. my patch always sends xauth reply. This is
> needed for iOS devices IIRC.
> Though, your patch's phase1 matching looks better. Should probably
> merge these two.
Could you expand on what problems you were seeing on iOS? I have testing
with iOS devices (versions 5 & 6) and did not see any issues. I most
likely just not testing in the right way to trigger the issue. I have a
couple of other oddities that iOS 5.x triggers that I am trying to
figure out that, at this time, do not look related to my changes.