Menu
▾
▴
Re: [Ipsec-tools-devel] [PATCH] dpd_invcookie option to work with CISCO PIX
|
From: VANHULLEBUS Y. <va...@fr...> - 2006-07-03 09:39:56
|
On Mon, Jul 03, 2006 at 10:30:31AM +0200, Asier Llano Palacios wrote: > We've found that that ipsec-tools DPD do not work properly with some > CISCO PIX. The problem is that the PIX replies to the message sent by > DPD with the cookies interchanged. When PIX is the initiator, it does > also expect the cookies interchanged. We know that the PIX is not > working properly, but even so, we should like having compatibility with > it. > > We've developed a patch that let us configure if the DPD is replying or > expecting cookies interchanged. (It can be patched against 0.6.5 and > 0.6.6). Patch looks good. I'll test it ASAP then report I'll it to HEAD. > After patching, the file "src/racoon/cfparse.c" should be regenerated > using bison in "src/racoon/cfparse.y". > > bison -o src/racoon/cfparse.c src/racoon/cfparse.y > I've not included it because my version in bison is too new and the > patch is huge. cfparse.c is always regenerated before snaps / releases. Yvan. |