[strongSwan] IKE Minor Version Number
Martin Willi
martin at strongswan.org
Tue Jun 22 11:17:41 CEST 2010
Hi Richard,
> We see in the IKE_SA_INIT that if the minor verison is set to any value other
> thn 0 strongswan does not respond to the packet. Turning on debug traces we see
> that the charon deamon is waiting to recieve the IKE_SA_INIT packet, but it does
> not recieve it.
Seems that we have been a little to restrictive. The socket filter code
that is used by the RAW socket did accept version 2.0 only. I pushed two
patches, one that accepts any minor version in the socket filter [1],
and one that lets pluto ignore any 2.x packets [2].
Best regards
Martin
[1]http://git.strongswan.org/?p=strongswan.git;a=commit;h=169eae5229d501705b929c3c8a2a6f46ceb0acb6
[2]http://git.strongswan.org/?p=strongswan.git;a=commit;h=5d31217232ff1cc9237df1d47796f7866072f6be
More information about the Users
mailing list