CVSROOT: /cvs
Module name: src
Changes by: mar...@cvs.openbsd.org 2012/09/15 07:17:48
Modified files:
sbin/ipsecctl : ike.c
Log message:
Encode the transform parameters in the transform name, too.
Only using p1name or p2name as a transform identifier (as in rev 1.74)
breaks setups that allow multiple transforms for a connection, e.g. in
ike passive esp from any to 1.1.1.1 quick enc aes-128
ike passive esp from any to 1.1.1.1 quick enc aes-192
the aes-128 will be overwritten. ok and feedback mikeb@
