New commits:
commit baf51f4e4575628c4e59c60fbd9e99311a7b56ab
Author: Paul Wouters
Date: Mon Apr 23 22:23:21 2018 -0400
testing: added ikev2-26-keyingtries
This shows a bug in STATE_PARENT_I2 that causes the state to be
deleted instead of restarting
New commits:
commit 0308e63143e697a2f974622dd6982379ba64093c
Author: Paul Wouters
Date: Mon Apr 23 20:46:53 2018 -0400
documentation: remove --clientwithin from whack --help. It's long gone
Also re-ordered two lines for consistency
On Mon, 23 Apr 2018, Erik Andersson wrote:
conn remote
...
...
right=10.48.28.81
rightid=10.48.28.81
rightsubnets=192.168.110.0/24,50.50.50.0/24
left=%any
...
...
(have also tried rightsubnets={192.168.110.0/24
On Mon, 23 Apr 2018, Andrew Cagney wrote:
Apr 2 20:24:13 vvr-10-69-244-19 pluto[18354]: vpn-5653427:
"conn_vpn-5653427-tunnel-VPNRemoteRoutedSubnet-tunnel-10.30.0.0/16" #5:
initiating Quick Mode
Something flipped the PFS bit, causing the re-key to request a DH exchange!
That is a little
I'm not sure that the recent changes, mostly about IKEv2, will help here:
On 21 April 2018 at 20:56, Xinwei Hong wrote:
> Sure. Thank you! I will try it out.
>
> Xinwei
>
>
>> On Apr 21, 2018, at 1:56 PM, Paul Wouters wrote:
>>
>>> On Mon, 2 Apr 2018, Xinwei
Are you talking about a program or a library?
In general terms:
- monolithic headers end up being a dumping ground for all sorts of
junk (what libreswan.h sucks in is scary!)
- (I argue) their indirect dependencies make long term maintenance
hard; its easier to eliminate direct dependencies
New commits:
commit 50d7195b0a9435961e13a2d068c366ff997f6d60
Author: Paul Wouters
Date: Mon Apr 23 12:49:01 2018 -0400
update changes
commit 84d8f6dd11ef5e6ccbfa96145ceff856deac6db4
Author: Paul Wouters
Date: Mon Apr 23 12:46:40 2018 -0400
New commits:
commit f78a28d1f190005c7c5a40182bef1925cdf17094
Author: Paul Wouters
Date: Mon Apr 23 12:28:53 2018 -0400
update changes
___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
New commits:
commit 7b5a5303b62a2d243a415fbbe0f96c6558bda000
Author: Andrew Cagney
Date: Mon Apr 23 11:02:56 2018 -0400
shunk: fix (C) in .h - only one person is responsible for this crazy idea
___
Swan-commit mailing list
New commits:
commit eb0a7ea3b4dce3c6344c0e5512a000cfc2cff813
Author: Andrew Cagney
Date: Sun Apr 22 09:28:58 2018 -0400
algparse: check for pfs=no conflicting with esp=aes;dh21 early
This way pfs=no esp=aes,aes;dh21 gets an error about DH21 being invalid
and
The way ; is dealt with by the proposal parser has changed. It should
eliminate some ambiguity, and ensure things are more consistent
between IKEv1 and IKEv2 ESP/AH and IKE. After some to and fro, the
rules have been reduced to:
1. when pfs=no, specifying DH in an ESP/AH proposal is an error
Hi!
I'm running libreswan 3.23 and trying to connect road warriors via XAUTH
and modecfg.
It works fine when the clients are able to connect to a single subnet:
conn remote
...
...
right=10.48.28.81
rightid=10.48.28.81
rightsubnet=192.168.110.0/24
New commits:
commit 6e61a6f528263915ede585a762d4dda4d70ee6ae
Merge: 303fe90 ff668ed
Author: Antony Antony
Date: Mon Apr 23 11:31:27 2018 +0200
Merge branch 'mobike'
Improvments to MOBIKE initiator side.
commit ff668edd4c6bd12f78d9420c113982186b5e4600
Author:
13 matches
Mail list logo