From: David D. <da...@ta...> - 2013-07-17 13:17:43
|
On Jul 17, 2013, at 12:11 AM, Timo Teras <tim...@ik...> wrote: > On Mon, 15 Jul 2013 11:33:26 -0500 > David Duchscher <da...@ta...> wrote: > >> Greetings, >> >> We are a user of pfSense Firewall / Router and we were having some >> problems using MacOS X Mountain Lion builtin VPN client with the >> pfSense VPN server. On session rekey, ~45 minutes, it would prompt >> for username and password. On our main VPN system at work, VPN worked >> fine and I noticed the Cisco system did not do XAuth during rekey. I >> googled to see if anybody else had this issue on pfSense, found many >> posts on the issue but no fixes. I figured I would see could find a >> solution and I came up with the following patch witch I submitted to >> pfSense project. >> >> https://github.com/pfsense/pfsense-tools/pull/130 >> >> One of the responses wondered if I had considered submitting this >> upstream and so here I am. Hopefully my implementation has enough >> merit for consideration. > > Looks similar to what I posted here earlier, see: > http://sourceforge.net/mailarchive/forum.php?thread_name=34306B65-2FF6-4B46-9B36-BBAA91148478%40voormedia.com&forum_name=ipsec-tools-devel > > There are differences. E.g. my patch always sends xauth reply. This is > needed for iOS devices IIRC. > > Though, your patch's phase1 matching looks better. Should probably > merge these two. Could you expand on what problems you were seeing on iOS? I have testing with iOS devices (versions 5 & 6) and did not see any issues. I most likely just not testing in the right way to trigger the issue. I have a couple of other oddities that iOS 5.x triggers that I am trying to figure out that, at this time, do not look related to my changes. -- Dave |