[Swan] If there is a bug in Libreswan it could be this !
Elison Niven
elison.niven at cyberoam.com
Tue Jan 22 16:46:02 EET 2013
Hi,
Yes, for responder it should be FALSE.
However, this does not have any effect on the current issue.
The function aggr_inR1_outI2_tail is not even called.
New logs in case you are interested :
http://pastebin.com/8ZEu42DS
On Tuesday 22 January 2013 07:51:11 PM IST, Philippe Vouters wrote:
> Dear Elison,
>
> Would you mind copying the original program/pluto/ikev1_aggr.c to a safe
> place? So that I am fully aware whether this does make the difference
> for you with your Netscreen peer, can you change
> *from*, referring to the original code below:
>
> aggr_id_and_auth(md, *TRUE*
> , aggr_inR1_outI2_continue, kc);
> *to:*
>
> aggr_id_and_auth(md, *FALSE*
> , aggr_inR1_outI2_continue, kc);
>
> ???
> With TRUE, Libreswan is supposed to be the initiator of the VPN
> connection. With FALSE, it is supposed to be the responder. Please !
> Tell us whether this single change does make a difference.
> Best if accompanied with Libreswan traces. If it makes no difference,
> reset this source file to the original.
>
> *Original code:*
> static stf_status
> aggr_inR1_outI2_tail(struct msg_digest *md
>                      , struct key_continuation *kc)
> {
>     struct state *const st = md->st;
>     struct connection *c = st->st_connection;
>     int auth_payload;
>
>     /* HASH_R or SIG_R in */
>     {
>         stf_status r = aggr_id_and_auth(md, TRUE
>                                         , aggr_inR1_outI2_continue, kc);
>
>         if (r != STF_OK)
>             return r;
>     }
>
> --
> Philippe Vouters (Fontainebleau/France)
> URL:http://vouters.dyndns.org/
> SIP:sip:Vouters at sip.linphone.org
--
Best Regards,
Elison Niven