1Mon Jan 10 2000 - Fri Jan 14 2000 2 3brief translation - see Japanese version for more complete results. 4this is *past test result* and implementation (both sides) 5is already fixed to address those problems, in most cases. 6 7vs microsoft 8 as responder 9 NT resends last packet on phase 1, racoon panics -> fixed 10 11 revenge, did well 12 phase 1: pre-shared/3des/sha1/dh2 13 phase 2: esp/sha/des/600sec/3kb 14 15vs bluesteel 16 config issues -> okay 17 phase 1: pre-shared/md5/des/dh1/10min 18 phase 2: esp/md5/des/10min 19 20vs racoon 21 rekey goes well, but sometimes phase 2 goes wrong. 22 23 memory leakage in kernel code -> fixed 24 racoon memory leakage (gets bigger and bigger) -> not yet 25 26 IPv6 works just fine like IPv4 case (no scoped address support yet) 27 28vs ashley laurent 29 phase 1 userfqdn support -> ok 30 phase 2 pfs -> ashley-laurent panics 31 32 phase1: psk/userfadn/md5/des/dh2 33 34vs ericsson 35 issues in kame side: 36 initiator: shouldn't attach DH group type for well-known DH groups 37 responder: blowfish key length 38 39 fixed, okay 40 phase 1: pre-shared/des/md5/dh1/lifetime 1hour/lifebyte 1MB 41 phase 2: esp/md5/blowfish 56bit/lifetime 1hour/lifebyte 1MB 42 43 ericsson manages phase 1 and 2 together (should be managed separately 44 from jenkins-rekey), problem with interpretation of delete payload 45 46vs ibm 47 IPv4: main/aggressive, both ok 48 phase 1 3des/md5/dh1/3600sec 49 phase 2 esp/transport/des/sha1/dh2/1800sec 50 51vs radguard 52 gateway: need more improvement 53 phase 1: pre-shared/des/md5/dh1 54 phase 2: esp tun(to node behind gw)/3des/sha1/dh2 55 client: fragment issue on radguard side 56 phase 1: pre-shared/3des/sha1/dh2 57 phase 2: esp tun(myself)/3des/sha1/dh2 58 59 no base mode support yet 60 61vs network associates 62 base mode: 63 initiator/responder: psk 64 PSK HASH_R -> fixed to conform to RFC2409 65 phase2 proposal parsing problem -> need fix on NAI side 66 67 ok, rekey ok 68 phase 1: pre-shared/sha1/3des/dh2/10min 69 phase 2: esp/md5/cast128/dh2/5min 70 dh group 5, ok 71 agressive mode, ok 72 73 byte lifetime bug on racoon side -> fixed 74 75vs intel 76 base mode: HASH computation bug in initiator/responder 77 78vs freeswan 79 group 5: phase1 ok. 80 no KE on phase2 PFS, probabilistic 81 82 config file parsing bug on racoon 83 84 phase1: psk/sha1/3des/dh5/10min 85 phase2: esp/3des/md5/dh1/10min 86 87vs ire 88 ipcomp over ike 89 variable-length spi support, etc. 90 phase 1: 3des/sha1/dh1/600s 91 phase 2: esp/transport/3des/sha1/300s, ipcomp/deflate/300s 92 93 ok. tried so far: 94 ip esp ipcomp payload 95 ip ah ipcomp payload 96 ip esp ipcomp ip payload 97 ip ah ipcomp ip payload 98 99 - window size issue in kame side 100 backout sys/netinet6/ipcomp_core.c 1.3 -> 1.4 101 - ire does not handle packet > link MTU 102 - tunnel/transport interpretation issue 103 104vs fitel 105 just fine, tunnel/transport ok. rekey has some problem 106 phase1: pks/userfqdn/md5/des/20s 107 phase2: pfs1/md5/des/10s 108 109 nonce len = 320 -> malformed payload 110 random padding -> ok 111 rekey -> some problems 112 113vs cisco 114 IKE works fine 115 phase 1: pre-shared/3des/sha1/dh2/180sec 116 phase 2: esp transport/3des/sha1/dh2/120sec 117 118 phase 1: pre-shared/3des/sha1/dh2/180sec 119 phase 2: esp tunnel/3des/sha1/dh2/120sec 120 121 dangling SA in kernel, fails to lookup policy -> fixed, refcnt issue 122