From: VANHULLEBUS Y. <va...@fr...> - 2004-11-15 14:41:05
Hi.

Here is a quick port of my DPD work for ipsec-tools's racoon. As I still have compilation problems on my FreeBSD, and as I have no other suitable workstation for that, I did *NOT* try to compile it, but I guess it is "quite ready to compile" (with at most a few fixes...).

Most information about this patch is already in (racoon 579) and (racoon 596).

This implementation has been tested against itself, and it works. Some interoperability tests have been made with isakmpd, but as my configuration was also using NAT-Traversal, and as there is currently a (reported) bug in isakmpd (informational messages are sent to a wrong port), I would not really validate it. But according to each peer's debug, both implementations seem to agree on R_U_THERE messages...

I also made some "tests" with Safenet's Softremote: it seems that we just don't generate the same R_U_THERE, and I just could not get any information about their DPD support (nothing in the configuration, nothing in the help, I just don't know if their implementation is supposed to work!).

I tried to make some other interoperability tests, but in fact, most products use a proprietary peer detection system.

Any feedback is welcome.

This implementation also does NOT support an "enable DPD for this tunnel" configuration option, but it will be very easy to add this if you want.

Yvan.