[Swan] If there is a bug in Libreswan it could be this !

Philippe Vouters philippe.vouters at laposte.net
Tue Jan 22 16:53:37 EET 2013 

Elison,

Do revert back to the original file. I am looking elsewhere trying to 
understand what happens inside Libreswan.

Philippe Vouters (Fontainebleau/France)
URL: http://vouters.dyndns.org/
SIP: sip:Vouters at sip.linphone.org

Le 22/01/2013 15:46, Elison Niven a écrit :
> Hi,
>
> Yes, For responder it should be FALSE.
> However, this does not have any effect on the current issue.
> The function aggr_inR1_outI2_tail is not even called.
> New logs in case you are interested :
> http://pastebin.com/8ZEu42DS
>
> On Tuesday 22 January 2013 07:51:11 PM IST, Philippe Vouters wrote:
>> Dear Elison,
>>
>> Would you mind copy the original program/pluto/ikev1_aggr.c to a safe
>> place ? So that I am fully aware whehter this does make the difference
>> for you with your Netscreen peer, can you change
>> *
>> from*, referring to the original code below:
>>
>> aggr_id_and_auth(md, *TRUE*
>>                                         , aggr_inR1_outI2_continue, kc);
>> *to:*
>>
>> aggr_id_and_auth(md, *FALSE*
>>                                         , aggr_inR1_outI2_continue, kc);
>>
>> ???
>> With TRUE, Libreswan is supposed to be the initiator of the VPN
>> connection. With FALSE, it is supposed to be the responder. Please !
>> Tell us whether this single change does make a difference.
>> Best if accompanied with Libreswan traces. If it makes no difference,
>> reset this source file to the original.
>>
>> *Original code:*
>> static stf_status
>> aggr_inR1_outI2_tail(struct msg_digest *md
>>                      , struct key_continuation *kc)
>> {
>>     struct state *const st = md->st;
>>     struct connection *c = st->st_connection;
>>     int auth_payload;
>>
>>     /* HASH_R or SIG_R in */
>>     {
>>         stf_status r = aggr_id_and_auth(md, TRUE
>>                                         , aggr_inR1_outI2_continue, kc);
>>
>>         if (r != STF_OK)
>>             return r;
>>     }
>>
>> -- 
>> Philippe Vouters (Fontainebleau/France)
>> URL:http://vouters.dyndns.org/
>> SIP:sip:Vouters at sip.linphone.org
>
> -- 
> Best Regards,
> Elison Niven
>
>

More information about the Swan mailing list