| Subject: | BUG: tokxts option |
| From: | Olaf Titz <olaf,AT,bigred,DOT,inka,DOT,de> |
| Date: | Sun, 11 Feb 2001 03:15:26 +0100 |
Short summary: The tokxts option in all versions of CIPE up to and including 1.4.5 does not work. It is recommended not to use this option. Technical description: Starting with version 1.2.0, CIPE sends a timestamp mark in the key exchange control packets. The purpose is for the receiver to detect and reject old control packets. This facility in the receiver is turned off by default and has to be activated with the "tokxts" option. This option is not included in the sample configuration. Up to version 1.4.5, the ciped process does mis-interpret the timestamps in the received control packets. As a result, it discards all control packets when this option is used. This may result in no key exchange taking place and all data being inadvertently encrypted using the static key only. The problem is aggravated by an unrelated bug which causes ciped not to log the timestamp problem unless in debug mode. Workaround: Remove the tokxts option from the cipe option files. Fix: Upgrade to CIPE 1.4.6 or later. Olaf