[Swan] OSX Server interop patch, was Re: Connecting to OS X Server

Ali Gangji ali at neonrain.com
Thu Jan 15 02:50:04 EET 2015


None of them worked. The same response:

Notify Message Type of ISAKMP Notification Payload has an unknown value:
15823

On Wed, Jan 14, 2015 at 7:25 AM, Paul Wouters <paul at nohats.ca> wrote:

> On Wed, 14 Jan 2015, Ali Gangji wrote:
>
>  OS X version 10.10.1 and Server version 4.0.3.
>> Attached is the log from the server showing 2 connection attempts.
>>
>
> two interesting events in your log:
>
> Jan 13 21:20:49 Abduls-Mac-mini.local racoon[16743]: packet shorter than
> isakmp header size (size: 0, minimum expected: 28)
>
> It seems your network might be causing fragmentation without
> reassembling it properly. That is, it looks like the tail
> end of the packet is missing. Either that, or we would be sending
> out a (fragmented?) packet with a badly specified isakmp header
> size, which I think is less likely.
>
> Jan 13 21:21:00 Abduls-Mac-mini.local racoon[16743]: !!! skipped
> retransmitting frags: frag_flags 1, r->sendbuf->l 224, max 1280
>
> I don't fully understand this, but it is related to ike fragmentation.
>
> Please try your connection on libreswan with the following settings:
>
>         ike-frag=no
>
>         ike-frag=yes
>
>         ike-frag=force
>
> and let me know which of the three, if any, actually worked.
>
> Paul
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20150114/6c23f60e/attachment.html>


More information about the Swan mailing list