[Swan-commit] Changes to ref refs/heads/master
Paul Wouters
paul at vault.libreswan.fi
Wed Sep 27 22:45:58 UTC 2017
New commits:

commit 0c82bd2d77128cb4add4ae256e093593189a843d
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Sep 27 18:45:26 2017 -0400

testing: ikev1-ikev2-connswitch-01 now passes

commit 59e07e975832841300e30f2a46c1b82d7fb508ca
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Sep 27 18:39:33 2017 -0400

pluto: find_phase1_state() should only find matching IKE version states.

This is lsw#302: An IKEv1-only and IKEv2-only conn between the same host can end up sharing an IKE SA

See test case ikev1-ikev2-connswitch-01

Basically, if you have two hosts that are configured for both
an ikev1 only and an ikev2 only connection, when bringing up the
second one, this would be ignored. This would lead to an ikev2=insist
causing an IKEv1 quickmode message.

If the ikev1 uses authby=secret and the ikev2 uses authby=rsasig, then
the second connection would completely fail to establish.
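
The lookup problem described in the commit message above, as a simplified model added here for illustration. It is not pluto's code: the structs, the two lookup functions and the peer name "east" are hypothetical, and only the idea of matching on IKE version comes from the commit.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified model, not pluto's real types or function bodies. */
enum ike_version { V1 = 1, V2 = 2 };

struct ike_sa {                 /* one established IKE SA */
    const char *peer;
    enum ike_version version;
};

struct conn {                   /* a connection restricted to one IKE version */
    const char *peer;
    enum ike_version version;
};

/* Constructed sample state: an IKEv1 SA to "east" came up first, an IKEv2 SA later.
 * Passing n = 1 models the moment when only the IKEv1 SA exists. */
static const struct ike_sa sample_sas[] = { { "east", V1 }, { "east", V2 } };
static const struct conn v2_conn = { "east", V2 };

/* Peer-only match: the sharing behaviour the commit message reports. */
const struct ike_sa *find_parent_any_version(const struct ike_sa *sas, size_t n,
                                             const struct conn *c)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(sas[i].peer, c->peer) == 0)
            return &sas[i];
    return NULL;
}

/* Peer and IKE version must both match; NULL means "negotiate a new IKE SA". */
const struct ike_sa *find_parent_same_version(const struct ike_sa *sas, size_t n,
                                              const struct conn *c)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(sas[i].peer, c->peer) == 0 && sas[i].version == c->version)
            return &sas[i];
    return NULL;
}

int main(void)
{
    const struct ike_sa *loose = find_parent_any_version(sample_sas, 1, &v2_conn);
    const struct ike_sa *strict = find_parent_same_version(sample_sas, 1, &v2_conn);
    printf("IKEv2-only conn: peer-only lookup reuses IKEv%d SA; version-aware lookup %s\n",
           (int)loose->version, strict ? "reuses an SA" : "finds none");
    return 0;
}
```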