[Swan-dev] Did Libreswan address these two issues with a Cisco IOS peer ??????

Paul Wouters paul at nohats.ca
Fri Feb 21 23:21:47 EET 2014


On Fri, 21 Feb 2014, Philippe Vouters wrote:

> Did Libreswan address these two issues with a Cisco IOS peer ?
> 1/ A missing sent issuer issue when in RSA mode (was not present in Libreswan 3.5)

No. AFAIK, there is no RFC method for sending the CAcert. I was also not
sure if that actually solved the problem at hand, which seemed to be
some Cisco-specified method for doing RSA that was neither "raw rsa" nor
"standard X.509".

> 2/ A Libreswan configurable NAT-T payload proposal. This is much needed in 
> RSA mode.

Configure what about the NAT-T payload? Not sending it? You can disable
nat-t globally using nat_traversal=no in "config setup". Or enforce a
NAT detection using "forceencaps=yes" in the connection.

Paul

