[strongSwan] Split tunneling

Claude Tompers claude.tompers at restena.lu
Tue Oct 26 09:10:13 CEST 2010


Hello Andreas,

It works now, the banner as well as the split tunneling. Thank you very much for your help.
I suppose the bug will be fixed in version 4.5.0 ? Will it be on time in 6 days ?

kind regards,
Claude



On Monday 25 October 2010 20:02:25 Andreas Steffen wrote:
> Hello Claude,
> 
> I think I discovered the bug. In modecfg.c the attributes payload
> was aligned to a 4-byte boundary but according to RFC 2408 only
> the overall ISAKMP message should be aligned:
> 
>    http://tools.ietf.org/html/rfc2408#section-3.6
> 
>        "If the SA Attributes are not aligned on 4-byte boundaries,
>         then subsequent payloads will not be aligned and any padding will
>         be added at the end of the message to make the message 4-octet
>         aligned."
> 
> The patch
> 
>  
> http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=1f2c32835519b31ac5a30c95de2102086dec3cf8
> 
> should fix this. Alternatively you can try the latest release
> candidate 4.5.0rc3:
> 
>    http://download.strongswan.org/strongswan-4.5.0rc3.tar.bz2
> 
> Regards
> 
> Andreas
> 
> On 10/25/2010 08:19 AM, Claude Tompers wrote:
> > Hello Andreas,
> >
> > Sorry for not answering last week anymore, I was already off work.
> > For the banner, things start getting very odd.
> >
> > It works if I don't define a banner. (nobanner.log) It works if I
> > redefine the same strongswan banner. (except for a \ that slipped in
> > before the !) (std_banner.log) It does not work if I define my own
> > banner. (Welcome to RESTENA VPN.) (custom_banner.log)
> >
> > kind regards, Claude
> 
> ======================================================================
> Andreas Steffen                         andreas.steffen at strongswan.org
> strongSwan - the Linux VPN Solution!                www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
> 

-- 
Claude Tompers
Ingénieur réseau et système
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.strongswan.org/pipermail/users/attachments/20101026/d6cfcb1e/attachment.pgp>


More information about the Users mailing list