[strongSwan-dev] support for {left,right}allowany in charon?
Tobias Brunner
tobias at strongswan.org
Wed May 9 18:02:23 CEST 2012
Hi Mirko,

Thanks for the detailed report.

> It looks like charon does not use the updated IP address for path checking,
> nor does it resolve the peer's name again, which would also have provided the
> updated address.
>
> What's happening here, and what could be done about it?

This is an unfortunate side-effect of my attempts to store all the known
addresses of a peer in a single list. The peer's current address (as
known to the IKE_SA) is stored in that list when it is updated. But
when this happens during a MOBIKE exchange caused by an address change
of the responder, the address cached on the IKE_SA is still the old one
(it is updated only a few lines later).

Please try the attached patch (should apply to 4.6.3) which uses the
source address of the current message instead of the cached address on
the IKE_SA.

Regards,
Tobias
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Fix-MOBIKE-address-update-if-responder-address-chang.patch
Type: text/x-patch
Size: 1536 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20120509/b09f431b/attachment.bin>