[Swan-commit] Changes to ref refs/heads/master
Paul Wouters
paul at vault.libreswan.fi
Tue Jan 7 04:30:21 UTC 2020
New commits:
commit b7abc6a75c82b2928b3b38fa544ee6881bd7242c
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Jan 6 23:29:18 2020 -0500
testing: updated newoe-27-replace-sa-authnull-authnull
This test now tests a crashing and restarting auth-null connection, as
well as a 2nd client from a different IP, to ensure it is not
replacing auth-null connections from other IPs.
commit f21616a371e8bb26ede49b0271c99b8b1b097889
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Jan 6 23:26:03 2020 -0500
pluto: ISAKMP_SA_established() should support reconnecting authnull clients
This function releases old connections (on a different or same IP) of the
same IKE credentials. If the new connection was NULL authenticated, it
would never replace as the identities cannot be verified. This caused a
problem for a crashing client that reconnects while the remote peer still
has the connection up. The remote peer would reject the new attempt with
an "eroute already in use" error.
This condition is now detected and allowed. An additional check had to be
made to ensure two NULL auth connections from different IPs do not replace
each other based on "the same IKE authentication".
This fixes newoe-27-replace-sa-authnull-authnull
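The replacement decision described in the second commit message, as an added example that is not libreswan's code: a simplified C model in which every struct, field and function name is hypothetical and the sample peers are constructed. The rule that a NULL-authenticated SA never displaces an authenticated one is an assumption drawn from "the identities cannot be verified".

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of an established IKE SA; all names here are hypothetical. */
struct sa_model {
    const char *peer_id; /* IKE identity the peer presented */
    const char *peer_ip; /* remote address as text */
    bool authnull;       /* true if the peer used NULL authentication */
};

/* Decide whether a newly established SA releases an older one. */
static bool should_replace(const struct sa_model *old_sa, const struct sa_model *new_sa)
{
    if (strcmp(old_sa->peer_id, new_sa->peer_id) != 0)
        return false; /* different IKE credentials: unrelated peers */
    if (!new_sa->authnull)
        return true;  /* verified identity: replace on same or different IP */
    if (!old_sa->authnull)
        return false; /* assumption: unverified peer never displaces a verified one */
    /* Both NULL-authenticated: the identity proves nothing, so only the source
     * IP ties the new SA to the old one (a client that crashed and came back). */
    return strcmp(old_sa->peer_ip, new_sa->peer_ip) == 0;
}

/* Count the entries of table[] that new_sa would release. */
static size_t count_released(const struct sa_model *table, size_t n, const struct sa_model *new_sa)
{
    size_t released = 0;
    for (size_t i = 0; i < n; i++)
        if (should_replace(&table[i], new_sa))
            released++;
    return released;
}

int main(void)
{
    /* Constructed sample state: two NULL-auth clients and one authenticated peer. */
    const struct sa_model up[] = {
        { "ID_NULL", "192.0.2.10", true },
        { "ID_NULL", "192.0.2.20", true },
        { "@road.example", "192.0.2.30", false },
    };
    const struct sa_model restarted = { "ID_NULL", "192.0.2.10", true };
    const struct sa_model moved = { "@road.example", "198.51.100.7", false };
    printf("restarted authnull client releases %zu\n", count_released(up, 3, &restarted));
    printf("authenticated peer on new IP releases %zu\n", count_released(up, 3, &moved));
    return 0;
}
```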