[strongSwan] %any in ipsec.secrets
Germano Veit Michel
germanovmichel at aim.com
Fri Mar 9 20:22:37 CET 2012
Hello Andreas,
I tried that but still no go:
| af+type: OAKLEY_AUTHENTICATION_METHOD
| length/value: 1
| [1 is pre-shared key]
"x-ethernet0" #1: Can't authenticate: no preshared key found for '10.1.1.1' and '10.1.1.2'. Attribute OAKLEY_AUTHENTICATION_METHOD
"x-ethernet0" #1: no acceptable Oakley Transform
"x-ethernet0" #1: sending notification NO_PROPOSAL_CHOSEN to 10.1.1.2:500
If I do
10.1.1.1 10.1.1.2 : PSK "test123"
then it works like a charm.
However, I took some time to look at the code and found this function:
const secret_t* match_secret(identification_t *my_id, identification_t *his_id, secret_kind_t kind)
A part of this function is the following:
enumerator = s->ids->create_enumerator(s->ids);
while (enumerator->enumerate(enumerator, &id))
{
    if (my_id->equals(my_id, id))
    {
        match |= match_me;
    }
    if (his_id->equals(his_id, id))
    {
        match |= match_him;
    }
}
enumerator->destroy(enumerator);
I read some comments in the code and then I changed
my_id->equals(...,...)
to
my_id->matches(....,....)
and now it recognizes the %any keyword properly.
But I'm not sure if I didn't break anything. What do you think about it?
By the way, strongswan v4.6.2
Thanks for your time
Germano Veit Michel
germanovmichel at aim.com
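
The lookup behaviour discussed in the message above, as an added example that is not part of the original post and is not strongSwan source: a simplified C model of a two-ID secrets table in which `wildcard = 0` stands in for an exact `equals`-style comparison and `wildcard = 1` for `%any`-aware matching. It prefers the most specific entry, so a catch-all `%any` entry cannot shadow an exact one. The names `struct secret`, `id_score`, `pair_score`, `find_psk`, `SAMPLE` and the PSK strings other than "test123" are hypothetical.

```c
#include <stdio.h>
#include <string.h>
/* Two-ID entry modelled on: 10.1.1.1 10.1.1.2 : PSK "test123" */
struct secret { const char *a, *b, *psk; };

/* Constructed sample table; the catch-all is deliberately listed first. */
static const struct secret SAMPLE[] = {
    { "%any",     "%any",     "fallback-psk" },
    { "10.1.1.1", "%any",     "gateway-psk"  },
    { "10.1.1.1", "10.1.1.2", "test123"      },
};

/* 2 = exact match, 1 = matched via %any (wildcard mode only), 0 = no match. */
static int id_score(const char *id, const char *endpoint, int wildcard)
{
    return strcmp(id, endpoint) == 0 ? 2 : (wildcard && strcmp(id, "%any") == 0);
}

/* Score one assignment of an entry's IDs to (me, him); 0 if either side fails. */
static int pair_score(const char *id_me, const char *id_him,
                      const char *me, const char *him, int wildcard)
{
    int m = id_score(id_me, me, wildcard), h = id_score(id_him, him, wildcard);
    return (m && h) ? m + h : 0;
}

/* PSK of the most specific entry covering (me, him) in either ID order, or NULL. */
const char *find_psk(const struct secret *s, size_t n,
                     const char *me, const char *him, int wildcard)
{
    const char *best = NULL;
    int best_score = 0;
    for (size_t i = 0; i < n; i++) {
        int fwd = pair_score(s[i].a, s[i].b, me, him, wildcard);
        int rev = pair_score(s[i].b, s[i].a, me, him, wildcard);
        int score = fwd > rev ? fwd : rev;
        if (score > best_score) {
            best_score = score;
            best = s[i].psk;
        }
    }
    return best;
}

int main(void)
{
    const char *psk = find_psk(SAMPLE, 3, "10.1.1.1", "10.1.1.2", 1);
    puts(psk ? psk : "no preshared key found");
    return 0;
}
```

Each ID in an entry is assigned to exactly one endpoint, so in this model a single `%any` cannot satisfy both sides of an entry whose other ID names an unrelated host.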