[Swan-commit] Changes to ref refs/heads/master

Paul Wouters paul at vault.libreswan.fi
Tue Jan 7 04:30:21 UTC 2020

New commits:
commit b7abc6a75c82b2928b3b38fa544ee6881bd7242c
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Jan 6 23:29:18 2020 -0500

    testing: updated newoe-27-replace-sa-authnull-authnull
    this test now tests a crashing and restarting auth-null connection, as
    well as tests a 2nd client from a different IP to ensure it is not
    replacing auth null connections from other IPs.

commit f21616a371e8bb26ede49b0271c99b8b1b097889
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Jan 6 23:26:03 2020 -0500

    pluto: ISAKMP_SA_established() should support reconnecting authnull clients
    This function releases old connections (on a different or same IP) of the
    same IKE credentials. If the new connection was NULL authenticated, it
    would never replace as the identities cannot be verified. This caused a
    problem for a crashing client that reconnects while the remote peer still
    has the connection up. The remote peer would reject the new attempt with
    an "eroute already in use" error.
    This condition is now detected and allowed. An additional check had to be
    made to ensure two NULL auth connections from different IPs do not replace
    each other based on "the same IKE authentication".
    This fixes newoe-27-replace-sa-authnull-authnull

More information about the Swan-commit mailing list