<div dir="ltr">OS X version 10.10.1 and Server version 4.0.3.<div><br></div><div>Attached is the log from the server showing 2 connection attempts.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Jan 13, 2015 at 7:44 AM, Ali Gangji <span dir="ltr"><<a href="mailto:ali@neonrain.com" target="_blank">ali@neonrain.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">It's a late 2014 Mac Mini running Mac OS 10.10 Yosemite, and using the OS X Server VPN service.<div><br></div><div>I'll take a look at the logs and reply back.</div></div><div class="gmail_extra"><br><div class="gmail_quote"><span class="">On Mon, Jan 12, 2015 at 6:57 PM, Paul Wouters <span dir="ltr"><<a href="mailto:paul@nohats.ca" target="_blank">paul@nohats.ca</a>></span> wrote:<br></span><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=""><span>On Mon, 12 Jan 2015, Ali Gangji wrote:<br>
<br>
</span></span><span class=""><span><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Thanks for the help again. I now get a new, but similar message:<br>
Notify Message Type of ISAKMP Notification Payload has an unknown value: 15823<br>
</blockquote>
<br>
</span></span><a href="https://www.iana.org/assignments/ipsec-registry/ipsec-registry.xhtml#ipsec-registry-22" target="_blank">https://www.iana.org/<u></u>assignments/ipsec-registry/<u></u>ipsec-registry.xhtml#ipsec-<u></u>registry-22</a><br>
<br>
Hmm, according to IANA this falls in the range:<br>
<br>
8192 - 16383 Doi-Specific Error types<br>
<br>
This might get uglier. We might need to actually send it in a buggy way<br>
as well.<br>
<br>
Do you have access to this remote endpoint? Can you tell us about the<br>
specific version and hardware? could it be that this is a ppc32<br>
package on a ppc64 or something weird like that?<br>
<br>
Do you have any access to the logs?<br>
<br>
We could try and send a DOI that's the wrong ntohl(1) but if that<br>
just means we have to do that for ALL payloads it is just too bad<br>
a hack to build a workaround for.<span><font color="#888888"><br>
<br>
Paul<br>
</font></span></blockquote></div><br></div>
<br>_______________________________________________<br>
Swan mailing list<br>
<a href="mailto:Swan@lists.libreswan.org">Swan@lists.libreswan.org</a><br>
<a href="https://lists.libreswan.org/mailman/listinfo/swan" target="_blank">https://lists.libreswan.org/mailman/listinfo/swan</a><br>
<br></blockquote></div><br></div>