[Vpn-help] New 2.0 Alpha Available ...
mgrooms at shrew.net
Sun Oct 1 15:25:07 CDT 2006
Matthew Grooms wrote:
> Ok, this is a catch 22 with aggressive mode and NATT that I hadn't
> considered. You have to include hash payloads for the NAT discovery in
> the first and second packet before the proposals have been reviewed so
> we may not be able to negotiate the hash algorithm parameter in this
> scenario. It should work if you statically configure the hash algo on both
> ends or use main mode instead. I will go back to the RFC and see if it
> mentions how to handle this.
That was a bold-faced lie. The NAT discovery hashes are included in
the second and third payloads for aggressive mode. I think this was just
a matter of some initialization not happening early enough.
I just now completed a bunch of cleanup for the phase1 and phase2
handlers that was due after all the churn related to the proposal
auto negotiation work. The new processing layout should fix the issue
you were seeing. I will test this to verify.
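
An added example, not part of the original post and not the Shrew Soft client's code: the NAT discovery hash computed as RFC 3947 defines it, HASH(CKY-I | CKY-R | IP | Port) with the negotiated hash algorithm, and the receiver-side comparison that decides which peer is behind NAT. The cookies, addresses and function names are constructed for illustration; the second check shows what happens when the two ends hash with different algorithms.

```python
import hashlib
import ipaddress
import struct

def natd_hash(algo, cky_i, cky_r, ip, port):
    """NAT-D payload body per RFC 3947: HASH(CKY-I | CKY-R | IP | Port)."""
    if len(cky_i) != 8 or len(cky_r) != 8:
        raise ValueError("ISAKMP cookies are 8 octets each")
    data = cky_i + cky_r + ipaddress.ip_address(ip).packed + struct.pack("!H", port)
    return hashlib.new(algo, data).digest()

def build_natd(algo, cky_i, cky_r, local, remote):
    """Sender side: first payload covers the destination, second the source."""
    return [natd_hash(algo, cky_i, cky_r, *remote),
            natd_hash(algo, cky_i, cky_r, *local)]

def check_natd(algo, cky_i, cky_r, pkt_src, pkt_dst, payloads):
    """Receiver side: compare the received hashes with the addresses seen in
    the IP/UDP header. Returns (local_behind_nat, remote_behind_nat)."""
    if len(payloads) < 2:
        raise ValueError("need a destination NAT-D and at least one source NAT-D")
    dst_hash, src_hashes = payloads[0], payloads[1:]
    local_nat = natd_hash(algo, cky_i, cky_r, *pkt_dst) != dst_hash
    remote_nat = natd_hash(algo, cky_i, cky_r, *pkt_src) not in src_hashes
    return local_nat, remote_nat

# Constructed sample values (documentation address ranges, made-up cookies).
CKY_I = bytes.fromhex("0102030405060708")
CKY_R = bytes.fromhex("a1a2a3a4a5a6a7a8")
INITIATOR = ("192.168.1.10", 500)    # private address behind a NAT
NAT_PUBLIC = ("203.0.113.5", 1024)   # source address the responder sees
RESPONDER = ("198.51.100.20", 500)

def demo():
    sent = build_natd("sha1", CKY_I, CKY_R, INITIATOR, RESPONDER)
    # Same hash on both ends: only the initiator is reported as NATed.
    agreed = check_natd("sha1", CKY_I, CKY_R, NAT_PUBLIC, RESPONDER, sent)
    # Receiver hashes with a different algorithm: both comparisons fail,
    # so NAT is reported on both sides even though the responder has none.
    mismatched = check_natd("sha256", CKY_I, CKY_R, NAT_PUBLIC, RESPONDER, sent)
    return agreed, mismatched

if __name__ == "__main__":
    print(demo())
```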