[strongSwan-dev] Error "peer selected invalid traffic selectors"

Paul Stewart pstew at chromium.org
Sun Mar 10 03:29:24 CET 2013

Got to it sooner than I thought I would.  It works fine.  Thanks, this
looks a lot cleaner!  BTW, on a somewhat unrelated note, I just sent an
update to bug http://wiki.strongswan.org/issues/289 with another fix I
made.  Is it better to send these to the mailing list rather than comment
on bugs?  I can open a new thread in that case.


On Sat, Mar 9, 2013 at 5:45 PM, Paul Stewart <pstew at chromium.org> wrote:

> I'll give it a shot at latest Monday.  Thanks!
> --
> Paul
> On Thu, Mar 7, 2013 at 1:02 AM, Martin Willi <martin at strongswan.org>wrote:
>> Hi Paul,
>> > [...] which I tracked down to the tsi of the Cisco peer not returning a
>> > port number in its reply.
>> I see.
>> > Using the patch below, I was able to accommodate this omission.  Does
>> > this seem like a reasonable change, perhaps behind a configuration
>> > flag?
>> Thanks for the patch, looks reasonable. I don't think a configuration
>> option is necessary, as long as we install the more restrictive
>> selector.
>> Instead of just checking the port, I think we can handle this in a more
>> generic way by selecting the subset of the proposed and the returned
>> selector. This should work in any case, in is actually even simpler.
>> Please try the attached patch, if that works, I can push it to master.
>> Best regards
>> Martin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20130309/31abcd13/attachment.html>

More information about the Dev mailing list