[strongSwan] Split tunneling
Andreas Steffen
andreas.steffen at strongswan.org
Mon Oct 25 20:02:25 CEST 2010
Hello Claude,
I think I discovered the bug. In modecfg.c the attributes payload
was aligned to a 4-byte boundary but according to RFC 2408 only
the overall ISAKMP message should be aligned:
http://tools.ietf.org/html/rfc2408#section-3.6
"If the SA Attributes are not aligned on 4-byte boundaries,
then subsequent payloads will not be aligned and any padding will
be added at the end of the message to make the message 4-octet
aligned."
The patch
http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=1f2c32835519b31ac5a30c95de2102086dec3cf8
should fix this. Alternatively you can try the latest release
candidate 4.5.0rc3:
http://download.strongswan.org/strongswan-4.5.0rc3.tar.bz2
Regards
Andreas
On 10/25/2010 08:19 AM, Claude Tompers wrote:
> Hello Andreas,
>
> Sorry for not answering last week anymore, I was already off work.
> For the banner, things start getting very odd.
>
> It works if I don't define a banner. (nobanner.log) It works if I
> redefine the same strongswan banner. (except for a \ that slipped in
> before the !) (std_banner.log) It does not work if I define my own
> banner. (Welcome to RESTENA VPN.) (custom_banner.log)
>
> kind regards, Claude
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
More information about the Users
mailing list