[strongSwan-dev] support for {left,right}allowany in charon?
Mirko Parthey
mirko.parthey at informatik.tu-chemnitz.de
Thu Jun 21 13:41:41 CEST 2012
On Sat, Jun 09, 2012 at 02:50:47PM +0200, Andreas Steffen wrote:
> the right|leftallowany feature is now supported by the new monolithic
> IKEv1/v2 strongSwan 5.0 charon daemon. If you want to give it a
> try, download our 5.0.0dr1 developers release
>
> http://download.strongswan.org/strongswan-5.0.0dr1.tar.bz2
>
> I also created the following IKEv2 allow-any example scenario:
>
> http://www.strongswan.org/uml/testresults5dr/ikev2/dynamic-initiator/
Hi Andreas,
I have been using the 5.0.0dr1 release for a week now, with a
configuration based on the rightallowany feature, and it is working well
for me.
A few minor issues:
Building strongswan fails when the --enable-certexpire option is set:
certexpire_export.c: In function ‘certexpire_export_create’:
certexpire_export.c:356: error: ‘charon’ undeclared (first use in this function)
certexpire_export.c:356: error: (Each undeclared identifier is reported only once
certexpire_export.c:356: error: for each function it appears in.)
The reason seems to be a missing #include <daemon.h>.
The ikev2/dynamic-* test scenarios talk about "IKE main mode", which is an
IKEv1 concept. Maybe this could be reworded in terms of IKEv2 exchanges?
Regards,
Mirko
More information about the Dev
mailing list