[strongSwan-dev] support for {left,right}allowany in charon?

Andreas Steffen andreas.steffen at strongswan.org
Fri Jun 22 09:57:49 CEST 2012

Hi Mirko,

thanks for the feedback.

On 06/21/2012 01:41 PM, Mirko Parthey wrote:
> On Sat, Jun 09, 2012 at 02:50:47PM +0200, Andreas Steffen wrote:
>> the right|leftallowany feature is now supported by the new monolithic
>> IKEv1/v2 strongSwan 5.0 charon daemon. If you want to give it a
>> try, download our 5.0.0dr1 developers release
>>   http://download.strongswan.org/strongswan-5.0.0dr1.tar.bz2
>> I also created the following IKEv2 allow-any example scenario:
>> http://www.strongswan.org/uml/testresults5dr/ikev2/dynamic-initiator/
> Hi Andreas,
> I have been using the 5.0.0dr1 release for a week now, with a
> configuration based on the rightallowany feature, and it is working well
> for me.
> A few minor issues:
> Building strongswan fails when the --enable-certexpire option is set:
>   certexpire_export.c: In function ‘certexpire_export_create’:
>   certexpire_export.c:356: error: ‘charon’ undeclared (first use in this function)
>   certexpire_export.c:356: error: (Each undeclared identifier is reported only once
>   certexpire_export.c:356: error: for each function it appears in.)
> The reason seems to be a missing #include <daemon.h>.
Fixed by

> The ikev2/dynamic-* test scenarios talk about "IKE main mode", which is an
> IKEv1 concept. Maybe this could be reworded in terms of IKEv2 exchanges?
Fixed by

> Regards,
> Mirko



Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

More information about the Dev mailing list