
Re: IKE negotiation/rekeying problem with RSIP





>>>>> "Tero" == Tero Kivinen <kivinen@ssh.fi> writes:
    Tero> Michael C. Richardson writes:
    >> I want to emphasize that if you use other-than-port-500 in most
    >> implementations then you use it for both initiator and responder. 
    >> IKE does *NOT* use the typical "swap src/dst port and reply" method
    >> that one is used to. 

    Tero> What? I think almost all the implementations are doing exactly that.
    Tero> At least we are doing it... I might of course be wrong in this case...
  That was my understanding from a while ago. Looking at RFC 2408, section
2.5.1 doesn't say anything about this. Hmm. I recall us discussing that
at some point when isakmp.ssh.fi was going up... it made sense for the test
bench to have that behaviour, and so long as they send from 500, everything
works right.
  Hmm. OpenBSD isakmpd works as you suggest, ditto for racoon. I won't
look any further... you are probably right. Now, where did I get this idea?
Was it in previous drafts?

   :!mcr!:            |  Cow#1: Are you worried about getting Mad Cow Disease?
   Michael Richardson |  Cow#2: No. I'm a duck.
 Home: mcr@sandelman.ottawa.on.ca <http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html>. PGP key available.


