[Swan-dev] why, in ah-pluto-01, does libreswan emit an ESP proposal

Andrew Cagney andrew.cagney at gmail.com
Fri Oct 5 00:54:52 UTC 2018

It turns out that, when phase2=ah (i.e., POLICY_AUTHENTICATE), IKEv1's
defaults, since before the start of time have been:

static struct db_prop_conj ah_props[] = {
    { AD(ah_pc) },
    { AD(espnull_pc) }

I.e., in addition to AH, emit an ESP proposal with no encryption.
It's just that it never worked.
Should the second line be dropped?


On Thu, 4 Oct 2018 at 18:02, Andrew Cagney <andrew.cagney at gmail.com> wrote:
> > In the current code NEXT in the first payload is patched up so the
> > second proposal is be visible.  Am trying east:phase2=esp
> Yea, that went a little too well :-(
> I'm testing the attached to mitigate this new problem, hopefully it
> goes ok and can push.
> I think getting rid of the extra payload is something to sort out later.
> Andrew

More information about the Swan-dev mailing list