[vpn-help] Problem report - NetGear modeConfig without XAUTH
Matthew Grooms
mgrooms at shrew.net
Thu Feb 18 23:39:35 CST 2010
On 2/11/2010 7:58 AM, Alexis La Goutte wrote:
> Hi All
>
> I made a test with a FVS336G with the latest firmware available
> and I have the same problem.
>
> I analysed the IKE trace and I see the router sends an ISAKMP_CFG_SET(3) in
> Config Mode in reply to an ISAKMP_CFG_REQUEST (frames 5 and 6 of Michal's
> packet capture).
>
> I am not an IPsec expert but I think it's a bug in the router.
>
> Matthew, can you confirm?
>
I agree with your assessment. The client sends an ISAKMP_CFG_REQUEST
which should be answered with an ISAKMP_CFG_REPLY. Instead it sends an
ISAKMP_CFG_SET. This is clearly defined in section (2) of the modecfg
draft doc ...

http://tools.ietf.org/id/draft-ietf-ipsec-isakmp-mode-cfg-05.txt

Your best bet is to take this up with Netgear. They use the ipsec-tools
racoon IKE daemon under the hood. However, they are probably using a
very old version or have made some local patches that break things.

-Matthew
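
The mismatch discussed in this thread can be checked mechanically. The following is an added example, not part of the original post and not code from ipsec-tools or the Shrew Soft client: it parses the attribute payload header laid out in the mode-cfg draft and flags a REQUEST that is answered with anything other than a REPLY. It assumes the payloads have already been decrypted, and the function names and sample bytes are constructed for illustration.

```python
import struct

# Attribute payload message types from the mode-cfg draft cited above.
CFG_TYPES = {1: "ISAKMP_CFG_REQUEST", 2: "ISAKMP_CFG_REPLY",
             3: "ISAKMP_CFG_SET", 4: "ISAKMP_CFG_ACK"}
# Expected answer for each initiating type: REQUEST -> REPLY, SET -> ACK.
EXPECTED_ANSWER = {1: 2, 3: 4}


def parse_attribute_payload(payload: bytes) -> dict:
    """Parse the fixed 8-byte header of a decrypted attribute payload."""
    if len(payload) < 8:
        raise ValueError("attribute payload shorter than its 8-byte header")
    _next, _rsv, length, cfg_type, _rsv2, ident = struct.unpack(
        "!BBHBBH", payload[:8])
    if length < 8 or length > len(payload):
        raise ValueError(f"bad payload length {length}")
    name = CFG_TYPES.get(cfg_type, f"UNKNOWN({cfg_type})")
    return {"type": cfg_type, "name": name, "identifier": ident,
            "attributes": payload[8:length]}


def check_exchange(first: bytes, answer: bytes) -> list:
    """Return conformance findings for one config transaction."""
    findings = []
    a, b = parse_attribute_payload(first), parse_attribute_payload(answer)
    want = EXPECTED_ANSWER.get(a["type"])
    if want is None:
        findings.append(f"{a['name']} cannot start a transaction")
    elif b["type"] != want:
        findings.append(
            f"{a['name']} answered with {b['name']}, expected {CFG_TYPES[want]}")
    return findings


def build(cfg_type: int, ident: int, attrs: bytes = b"") -> bytes:
    """Construct a sample attribute payload (test data, not a capture)."""
    return struct.pack("!BBHBBH", 0, 0, 8 + len(attrs), cfg_type, 0, ident) + attrs


# Constructed samples: INTERNAL_IP4_ADDRESS (attribute type 1), empty in the
# request and carrying 4 address bytes in the answer.
REQUEST = build(1, 0x1234, struct.pack("!HH", 1, 0))
ADDR = struct.pack("!HH4s", 1, 4, bytes([10, 0, 0, 5]))
BAD_ANSWER = build(3, 0x1234, ADDR)   # the behaviour reported in this thread
GOOD_ANSWER = build(2, 0x1234, ADDR)  # what the draft calls for

if __name__ == "__main__":
    print(check_exchange(REQUEST, BAD_ANSWER))
    print(check_exchange(REQUEST, GOOD_ANSWER))
```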