[Swan-commit] Changes to ref refs/heads/master

New commits: commit baf51f4e4575628c4e59c60fbd9e99311a7b56ab Author: Paul Wouters Date: Mon Apr 23 22:23:21 2018 -0400 testing: added ikev2-26-keyingtries This shows a bug in STATE_PARENT_I2 that causes the state to be deleted instead of restarting

[Swan-commit] Changes to ref refs/heads/master

New commits: commit 0308e63143e697a2f974622dd6982379ba64093c Author: Paul Wouters Date: Mon Apr 23 20:46:53 2018 -0400 documentation: remove --clientwithin from whack --help. It's long gone Also re-ordered two lines for consistency

Re: [Swan] left/rightsubnets option

On Mon, 23 Apr 2018, Erik Andersson wrote: conn remote ... ... right=10.48.28.81 rightid=10.48.28.81 rightsubnets=192.168.110.0/24,50.50.50.0/24 left=%any ... ... (have also tried rightsubnets={192.168.110.0/24

Re: [Swan] question about pfsgroup

On Mon, 23 Apr 2018, Andrew Cagney wrote: Apr 2 20:24:13 vvr-10-69-244-19 pluto[18354]: vpn-5653427: "conn_vpn-5653427-tunnel-VPNRemoteRoutedSubnet-tunnel-10.30.0.0/16" #5: initiating Quick Mode Something flipped the PFS bit, causing the re-key to request a DH exchange! That is a little

Re: [Swan] question about pfsgroup

I'm not sure that the recent changes, mostly about IKEv2, will help here: On 21 April 2018 at 20:56, Xinwei Hong wrote: > Sure. Thank you! I will try it out. > > Xinwei > > >> On Apr 21, 2018, at 1:56 PM, Paul Wouters wrote: >> >>> On Mon, 2 Apr 2018, Xinwei

Re: [Swan-dev] style discussion: structure of .c files

Are you talking about a program or a library? In general terms: - monolithic headers end up being a dumping ground for all sorts of junk (what libreswan.h sucks in is scary!) - (I argue) their indirect dependencies make long term maintenance hard; its easier to eliminate direct dependencies

[Swan-commit] Changes to ref refs/heads/master

New commits: commit 50d7195b0a9435961e13a2d068c366ff997f6d60 Author: Paul Wouters Date: Mon Apr 23 12:49:01 2018 -0400 update changes commit 84d8f6dd11ef5e6ccbfa96145ceff856deac6db4 Author: Paul Wouters Date: Mon Apr 23 12:46:40 2018 -0400

[Swan-commit] Changes to ref refs/heads/master

New commits: commit f78a28d1f190005c7c5a40182bef1925cdf17094 Author: Paul Wouters Date: Mon Apr 23 12:28:53 2018 -0400 update changes ___ Swan-commit mailing list Swan-commit@lists.libreswan.org

[Swan-commit] Changes to ref refs/heads/master

New commits: commit 7b5a5303b62a2d243a415fbbe0f96c6558bda000 Author: Andrew Cagney Date: Mon Apr 23 11:02:56 2018 -0400 shunk: fix (C) in .h - only one person is responsible for this crazy idea ___ Swan-commit mailing list

[Swan-commit] Changes to ref refs/heads/master

New commits: commit eb0a7ea3b4dce3c6344c0e5512a000cfc2cff813 Author: Andrew Cagney Date: Sun Apr 22 09:28:58 2018 -0400 algparse: check for pfs=no conflicting with esp=aes;dh21 early This way pfs=no esp=aes,aes;dh21 gets an error about DH21 being invalid and

[Swan-dev] changes to how ;DH is handled in esp/ah= proposals

The way ; is dealt with by the proposal parser has changed. It should eliminate some ambiguity, and ensure things are more consistent between IKEv1 and IKEv2 ESP/AH and IKE. After some to and fro, the rules have been reduced to: 1. when pfs=no, specifying DH in an ESP/AH proposal is an error

[Swan] left/rightsubnets option

Hi! I'm running libreswan 3.23 and trying to connect road warriors via XAUTH and modecfg. It works fine when the clients are able to connect to a single subnet: conn remote ... ... right=10.48.28.81 rightid=10.48.28.81 rightsubnet=192.168.110.0/24

[Swan-commit] Changes to ref refs/heads/master

New commits: commit 6e61a6f528263915ede585a762d4dda4d70ee6ae Merge: 303fe90 ff668ed Author: Antony Antony Date: Mon Apr 23 11:31:27 2018 +0200 Merge branch 'mobike' Improvments to MOBIKE initiator side. commit ff668edd4c6bd12f78d9420c113982186b5e4600 Author: