[strongSwan-dev] Error "peer selected invalid traffic selectors"

Martin Willi martin at strongswan.org
Thu Mar 7 10:02:55 CET 2013

Hi Paul,

> [...] which I tracked down to the tsi of the Cisco peer not returning a
> port number in its reply.

I see.

> Using the patch below, I was able to accommodate this omission.  Does
> this seem like a reasonable change, perhaps behind a configuration
> flag?

Thanks for the patch, looks reasonable. I don't think a configuration
option is necessary, as long as we install the more restrictive

Instead of just checking the port, I think we can handle this in a more
generic way by selecting the subset of the proposed and the returned
selector. This should work in any case, in is actually even simpler.
Please try the attached patch, if that works, I can push it to master.

Best regards
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-As-Quick-Mode-initiator-select-a-subset-of-the-propo.patch
Type: text/x-patch
Size: 1743 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20130307/4c794b0e/attachment.bin>

More information about the Dev mailing list