On Fri, 12 Dec 2014, Michael Schwartzkopff wrote:
seems to work for me. The logs show: | executing spdadd-client: 2>&1 PLUTO_MY_REF=3 PLUTO_PEER_REF=1
It seems to work for klips. See the logs:
The logs I provided were with protostack=mast on both ends....
But it does not work for mast protostack. The log here:
It did for me, so something else must be going on? Possible for transport mode, not all "verb" commands are executed?
See the relevant parts of both logs (klips / mast) above.

Can I ask why you want to use the mast stack? It was mostly to support multiple L2TP/Transport connections with NAT, and those deployments are best upgraded to IPsec/XAUTH ("Cisco IPsec mode"). The only known client not to support IPsec/XAUTH is Windows, for which free clients such as the Shrew software client are available that support it.

Yes. You hit exactly the one use case.
I guess we should really look into the current XFRM capabilities and fix this for NETKEY. It seems those old Windows machines aren't going away soon :(
We have Windows OS where we cannot interfere too deeply with the client's computer. Especially, we have to use what Windows provides and are not allowed to install additional software. Thanks for your help.
If these are Windows 6 (?) or higher, they could possibly use the native IKEv2 instead?

Paul
