New commits:
commit 839b259e14e3d83860d54e7573c34a3096c04c50
Author: Paul Wouters <pwout...@redhat.com>
Date:   Mon Aug 20 18:59:26 2018 -0400

    pluto: can_share_lease() should also not share for ID_IP type

    This is because two clients behind the same NAT have the same "thatid" that is used to determine if a returning connection is the same client. For authby=psk the clients often send ID_IP. There is no guarantee that a dynamic IP isn't used for a new/different client which should not inherit the same lease that could have open connections to remote sides.

    Note that can_share_lease() already didn't share leases for PSK, so this change should not have any effect. ID_IP is not used when using certificates, which use either ID_FQDN or ID_DER_ASN_DN.

_______________________________________________
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit