On 12/04, Antony Antony wrote:
> can you commit test as a wip? I am curious to see what is going on. I need 
> the same for IKEv2 and CREATE_CHILD_SA.
> 

Take a look at the conn_shared_ike branch that I pushed, it has a test and
continuation of the patch. I was focusing on the IKEv1 side of this so there 
may be some implications for IKEv2 that I was not aware of, so it will need some
more review and testing.

> Have you tried A and B with different authby or with xauth? say one with rsa 
> and the other psk?
>

This kind of setup doesn't seem to work initially, with IKEv1 at least. The 
reason being
that on the responder, the last connection added to the host pair will end up
answering the initiation, so if that is TUNNEL-C, it will accept the one auth 
method
that TUNNEL-C is configured for.

Matt
_______________________________________________
Swan-dev mailing list
Swan-dev@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-dev

Reply via email to