[Swan] If there is a bug in Libreswan it could be this !
Philippe Vouters
philippe.vouters at laposte.net
Tue Jan 22 16:21:11 EET 2013
Dear Elison,
Would you mind copy the original program/pluto/ikev1_aggr.c to a safe
place ? So that I am fully aware whehter this does make the difference
for you with your Netscreen peer, can you change
*
from*, referring to the original code below:
aggr_id_and_auth(md, *TRUE*
, aggr_inR1_outI2_continue, kc);
*to:*
aggr_id_and_auth(md, *FALSE*
, aggr_inR1_outI2_continue, kc);
???
With TRUE, Libreswan is supposed to be the initiator of the VPN
connection. With FALSE, it is supposed to be the responder. Please !
Tell us whether this single change does make a difference.
Best if accompanied with Libreswan traces. If it makes no difference,
reset this source file to the original.
*Original code:*
static stf_status
aggr_inR1_outI2_tail(struct msg_digest *md
, struct key_continuation *kc)
{
struct state *const st = md->st;
struct connection *c = st->st_connection;
int auth_payload;
/* HASH_R or SIG_R in */
{
stf_status r = aggr_id_and_auth(md, TRUE
, aggr_inR1_outI2_continue, kc);
if (r != STF_OK)
return r;
}
--
Philippe Vouters (Fontainebleau/France)
URL: http://vouters.dyndns.org/
SIP: sip:Vouters at sip.linphone.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20130122/495e59d2/attachment.html>
More information about the Swan
mailing list