[Swan-commit] Changes to ref refs/heads/master
Paul Wouters
paul at vault.libreswan.fi
Tue Aug 28 03:14:02 UTC 2018
New commits:
commit 30fc6434469eba046e03058e99bf8492085879aa
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Aug 27 23:10:23 2018 -0400
pluto: pass state into lease_an_address()
This allows us to check st->st_xauth_username and make that part
of the thatid string that uniquely identifies a "remote ID user".
Otherwise, multiple clients from behind the same NAT end up with
the same lease because their (public) IP is the same.
This resolves some (but not all) issues with can_share_lease().
The other issue is authby=secret where the clients are using the
(default) ID_IP of their pre-NAT IP as ID. Despite can_share_lease()
returning FALSE for authby=secret, the thatid handling still somehow
ends up on the same lease IP.
commit 8c6d5fdc1dc57945e695f41bfb5528978e704b7f
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Aug 27 23:07:46 2018 -0400
testing: update xauth-pluto-28-twobehindnat
This test still fails. It seems road connecting causes east's policy
rules for north to get mangled, leaving only 4 of 6 ip xfrm policy
rules in place.