Hi, On Fri, Nov 16, 2012 at 05:16:06PM +0100, Gerd v. Egidy wrote: > AFAIK Astaro/Sophos is using strongswan and they announced a patch for this > problem in their version 9.004 and 8.307: > ... > Their customers can download the binaries for some time and since today at > least the source for 9.004 is available here: > > http://download.astaro.de/GPL_source_code/ > > I haven't had the time yet to take a look into it. But at least in theory the > patch should be somewhere in there.
I did have some time to look at it. You will find a patch implementing Ciscos proprietary IKE fragmentation in the patches tarball in the chroot-ipsec source rpm. It's based on Strongswan 4.4.1. I managed to port (it did not apply cleanly) that patch to the 4.5.2 based debian backports version and it at least compiles. Tests are still pending. This is however a temporary workaround as this will surely not work on 5.x. and therefore most likely never get into the official srongswan repos. Regards Andreas -- The three chief virtues of a programmer are: Laziness, Impatience and Hubris. -- Larry Wall
signature.asc
Description: Digital signature
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
