[Swan-dev] defaults for ike= and esp= need updating?
Paul Wouters
paul at nohats.ca
Fri Dec 9 16:06:33 UTC 2016
On Fri, 9 Dec 2016, Andrew Cagney wrote:
> Can this behaviour be tuned for IKEv1 or IKEv2? I would like IKEv2 to
> not have 1536/1024. And I would like IKEv1 to not have 1024.
>
> I think so. The ike_alg structures contain this information, we just need to take the bit between our teeth and
> use it.
Ok.
> One technical nit. This makes the ESP/AH parser code dependent on ike_alg (the IKE code, via plutoalg.c, is
> already). That in turn breaks the, unmaintained and probably already broken, testing/lib/libswan/algparse.c.
> Fixing means moving the deck chairs ike_alg*.[hc] and crypt_*.[hc] to libswan.a, I think I'll hold off :-)
Kill it - we have test cases for all algorithms, and if we want to test
failing connections (e.g. invalid config lines) we can use a real pluto
test case and try to load those conns to see if these are failing.
Paul