[strongSwan-dev] Error "peer selected invalid traffic selectors"

Martin Willi martin at strongswan.org
Thu Mar 7 10:02:55 CET 2013


Hi Paul,

> [...] which I tracked down to the tsi of the Cisco peer not returning a
> port number in its reply.

I see.

> Using the patch below, I was able to accommodate this omission.  Does
> this seem like a reasonable change, perhaps behind a configuration
> flag?

Thanks for the patch, looks reasonable. I don't think a configuration
option is necessary, as long as we install the more restrictive
selector.

Instead of just checking the port, I think we can handle this in a more
generic way by selecting the subset of the proposed and the returned
selector. This should work in any case, and is actually even simpler.
Please try the attached patch; if that works, I can push it to master.

Best regards
Martin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-As-Quick-Mode-initiator-select-a-subset-of-the-propo.patch
Type: text/x-patch
Size: 1743 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20130307/4c794b0e/attachment.bin>
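
The subset selection proposed in the reply above, sketched as an added example (not the attached patch and not strongSwan code): `ts_t`, `ts_from_id` and `ts_subset` are hypothetical names, and the UDP/1701 selector and address are constructed sample values. It assumes IPv4 and the IKEv1 ID payload convention that port 0 means any port.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical selector type for this example; not strongSwan's own. */
typedef struct {
    uint8_t  proto;               /* 0 = any protocol */
    uint16_t from_port, to_port;  /* 0..65535 = any port */
    uint32_t from_addr, to_addr;  /* IPv4 range, host byte order */
} ts_t;

/* Build a selector from IKEv1 ID payload fields; port 0 means "any port". */
ts_t ts_from_id(uint8_t proto, uint16_t port, uint32_t addr)
{
    ts_t ts = { proto, port, port ? port : 65535, addr, addr };
    return ts;
}

/* Intersect a and b into out. Returns false when they do not overlap,
 * in which case no policy may be installed. */
bool ts_subset(const ts_t *a, const ts_t *b, ts_t *out)
{
    if (a->proto && b->proto && a->proto != b->proto)
        return false;
    out->proto     = a->proto ? a->proto : b->proto;
    out->from_port = a->from_port > b->from_port ? a->from_port : b->from_port;
    out->to_port   = a->to_port   < b->to_port   ? a->to_port   : b->to_port;
    out->from_addr = a->from_addr > b->from_addr ? a->from_addr : b->from_addr;
    out->to_addr   = a->to_addr   < b->to_addr   ? a->to_addr   : b->to_addr;
    return out->from_port <= out->to_port && out->from_addr <= out->to_addr;
}

int main(void)
{
    /* Constructed values: we propose UDP/1701, the peer replies without a port. */
    ts_t proposed = ts_from_id(17, 1701, 0xC0000201);
    ts_t returned = ts_from_id(17, 0,    0xC0000201);
    ts_t use;

    if (ts_subset(&proposed, &returned, &use))
        printf("install proto %u ports %u-%u\n", (unsigned)use.proto,
               (unsigned)use.from_port, (unsigned)use.to_port);
    else
        printf("reject: selectors do not overlap\n");
    return 0;
}
```

Because the result is an intersection, a peer reply that is wider than the proposal narrows back to what was proposed, and a reply that does not overlap is still rejected.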

