[Swan-commit] Changes to ref refs/heads/master
Paul Wouters
paul at vault.libreswan.fi
Mon May 14 01:01:19 UTC 2018
New commits:
commit d2a231c8d5223078c18f0b6728936110507138ad
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun May 13 20:59:04 2018 -0400
IKEv2: don't skip replacing conn on INITIAL CONTACT
as document in the added comment:
Ideally, we would return here for IKEv2 when we have not seen INITIAL CONTACT,
but our code currently does not handle this properly. Especially addresspool based
connections would end up with two connection instances competing for a single IPsec SA.
We can re-instate this check once we can detect the current conn is replacing the existing
conn and is not a second conn for a different IPsec which only shares the IKE SA.
More information about the Swan-commit
mailing list