[Swan] leftsubnet(s) query and possible ipsec auto --replace bug

Paul Wouters paul at nohats.ca
Sun Jan 28 21:14:06 UTC 2018


On Sun, 28 Jan 2018, Nick Howitt wrote:

> However, re the possible bug, if you then do an "ipsec auto --start" the xfrm 
> policy at the *local end only* does reflect the new conn definition and the 
> removed subnet disappears from the local xfrm policy. At the remote end the 
> xfrm policy remains for the deleted subnet.

That's odd because you can see in programs/auto/auto.in that the "start"
target is identical to the "add" target plus the "up" target. And "add"
and "replace" are the same action. The only real difference would be one
of timing.

Paul
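
A check for the symptom reported in the quoted message (an xfrm policy left behind for a subnet that was removed from the conn), added here as an example; it is not part of the original post or of libreswan. The function name `stale_policies`, the helper `sample_policy` and all addresses are constructed for illustration, and the sample stands in for `ip xfrm policy` output on the remote peer.

```shell
#!/bin/sh
# Constructed sample of `ip xfrm policy` output on the remote peer after
# 10.0.2.0/24 was removed from the conn (all addresses are made up).
sample_policy() {
cat <<'EOF'
src 192.168.1.0/24 dst 10.0.1.0/24 
	dir out priority 2084 ptype main 
	tmpl src 198.51.100.1 dst 203.0.113.1
		proto esp reqid 16389 mode tunnel
src 10.0.1.0/24 dst 192.168.1.0/24 
	dir in priority 2084 ptype main 
	tmpl src 203.0.113.1 dst 198.51.100.1
		proto esp reqid 16389 mode tunnel
src 192.168.1.0/24 dst 10.0.2.0/24 
	dir out priority 2084 ptype main 
	tmpl src 198.51.100.1 dst 203.0.113.1
		proto esp reqid 16393 mode tunnel
src 10.0.2.0/24 dst 192.168.1.0/24 
	dir in priority 2084 ptype main 
	tmpl src 203.0.113.1 dst 198.51.100.1
		proto esp reqid 16393 mode tunnel
EOF
}

# Read `ip xfrm policy` output on stdin; arguments are the subnets the current
# conn definition is expected to cover (both ends). Prints "<dir> <src> <dst>"
# for every policy whose selector uses a subnet outside that list.
stale_policies() {
    awk -v expected="$*" '
        BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) ok[e[i]] = 1 }
        # Selector line starts at column 0; "tmpl src ..." lines are indented.
        /^src / { src = $2; dst = $4; next }
        # The "dir" line belongs to the selector just seen; socket policies
        # have no "dir" line and are skipped.
        $1 == "dir" && src != "" {
            if (!(src in ok) || !(dst in ok)) print $2, src, dst
            src = ""
        }
    '
}

# Demo on the constructed sample: only 10.0.1.0/24 should remain on the conn.
sample_policy | stale_policies 192.168.1.0/24 10.0.1.0/24
```

On a live peer the input would come from `ip xfrm policy | stale_policies <subnets...>`, run at both ends after the conn is reloaded.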

