[Swan] Problem with iPhone/iPad and XAUTH Group ID
Paul Wouters
paul at nohats.ca
Fri Mar 28 18:09:54 EET 2014
On Fri, 28 Mar 2014, Marc-Christian Petersen wrote:
> yep, I know about the bug but it doesn't happen here.
>
> for whatever reason iOS is using hybrid mode when using
> cisco ipsec mode with group name and PSK.
>
> Maybe the problem is Libreswan not offering XAUTH when in
> aggressive mode and iOS is falling back to hybrid?
Does it not send the XAUTH vendor id in Aggressive Mode?
btw. There is unmaintained code in contrib/checkpoint-hybrid/ to support
Hybrid Mode. If someone wants to merge in that code, and provide some
interop testing (eg with Shrew Soft) we could pull that code into the
main code base.
Paul
More information about the Swan
mailing list