On 12/04, Antony Antony wrote: > can you commit test as a wip? I am curious to see what is going on. I need > the same for IKEv2 and CREATE_CHILD_SA. >
Take a look at the conn_shared_ike branch that I pushed, it has a test and continuation of the patch. I was focusing on the IKEv1 side of this so there may be some implications for IKEv2 that I was not aware of, so it will need some more review and testing. > Have you tried A and B with different authby or with xauth? say one with rsa > and the other psk? > This kind of setup doesn't seem to work initially, with IKEv1 at least. The reason being that on the responder, the last connection added to the host pair will end up answering the initiation, so if that is TUNNEL-C, it will accept the one auth method that TUNNEL-C is configured for. Matt _______________________________________________ Swan-dev mailing list Swan-dev@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-dev