[Swan] OSX Server interop patch, was Re: Connecting to OS X Server

Paul Wouters paul at nohats.ca
Wed Jan 14 17:25:31 EET 2015


On Wed, 14 Jan 2015, Ali Gangji wrote:

> OS X version 10.10.1 and Server version 4.0.3.
> Attached is the log from the server showing 2 connection attempts.

Two interesting events in your log:

Jan 13 21:20:49 Abduls-Mac-mini.local racoon[16743]: packet shorter than isakmp header size (size: 0, minimum expected: 28)

It seems your network might be causing fragmentation without
reassembling it properly. That is, it looks like the tail
end of the packet is missing. Either that, or we would be sending
out a (fragmented?) packet with a badly specified isakmp header
size, which I think is less likely.

Jan 13 21:21:00 Abduls-Mac-mini.local racoon[16743]: !!! skipped retransmitting frags: frag_flags 1, r->sendbuf->l 224, max 1280

I don't fully understand this, but it is related to IKE fragmentation.

Please try your connection on libreswan with the following settings:

 	ike-frag=no

 	ike-frag=yes

 	ike-frag=force

and let me know which of the three, if any, actually worked.

Paul
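
The two explanations offered above for the "packet shorter than isakmp header size" log line can be told apart on a captured UDP payload by comparing its real size with the length field in the 28-byte ISAKMP header (RFC 2408, section 3.1). The following is an added example, not part of the original message and not racoon or libreswan code; it assumes a UDP port 500 payload (no NAT-T non-ESP marker), and the function names and sample packet are constructed for illustration.

```python
import struct

ISAKMP_HDR_LEN = 28  # fixed ISAKMP header size, the "minimum expected: 28" in the log
# initiator cookie, responder cookie, next payload, version,
# exchange type, flags, message ID, total length (network byte order)
HDR = struct.Struct("!8s8sBBBBII")


def check_isakmp(datagram: bytes) -> str:
    """Classify a received UDP payload by comparing real and declared sizes."""
    if len(datagram) < ISAKMP_HDR_LEN:
        # Not even a full header arrived; size 0 is the case logged by racoon.
        return "short-header"
    *_, declared = HDR.unpack_from(datagram)
    if declared < ISAKMP_HDR_LEN:
        # The sender wrote a length smaller than the header itself.
        return "bad-length-field"
    if declared > len(datagram):
        # Fewer bytes arrived than the header announces: the tail is missing.
        return "truncated"
    if declared < len(datagram):
        return "trailing-bytes"
    return "ok"


def build_sample(body_len: int = 196) -> bytes:
    """Constructed sample: a well-formed header followed by a zeroed body."""
    total = ISAKMP_HDR_LEN + body_len
    header = HDR.pack(b"\x11" * 8, b"\x00" * 8,  # cookies (constructed values)
                      1,      # next payload: SA
                      0x10,   # version 1.0
                      2,      # exchange type: Identity Protection
                      0, 0,   # flags, message ID
                      total)
    return header + bytes(body_len)


if __name__ == "__main__":
    good = build_sample()
    bad_len = good[:24] + struct.pack("!I", 10) + good[28:]
    for name, pkt in [("empty", b""), ("complete", good),
                      ("tail cut", good[:100]), ("bad length", bad_len)]:
        print(f"{name:10s} size={len(pkt):3d} -> {check_isakmp(pkt)}")
```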

