[strongSwan] MOBIKE switching bug in gateway with two external interfaces
Simon Chan
simon.chan3 at yahoo.ca
Fri Mar 9 23:56:54 CET 2012
Hi Tobias,
Wow! I just posted the problem yesterday and the fix is ready this morning.
Much appreciate your effort.
Simon
________________________________
From: Tobias Brunner <tobias at strongswan.org>
To: Simon Chan <simon.chan3 at yahoo.ca>
Cc: "users at lists.strongswan.org" <users at lists.strongswan.org>
Sent: Friday, March 9, 2012 1:38:33 AM
Subject: Re: [strongSwan] MOBIKE switching bug in gateway with two external interfaces
Hi Simon,
> Seems MOBIKE message processing needs to store the message's source IP
> addr along with the other ADDITIONAL_IPV4_ADDRESS. Use ike_sa to
> "remember" this address separately is not safe. It requires
> code to add it in the additional_addresses list before it is overwritten
> by N(UPDATE_SA_ADDRESSES).
You are right, we should store the peer's current address in this list.
I pushed some commits to our repository to fix this (see [1]-[4]).
Regards,
Tobias
[1] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=2fe624cc
[2] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=94bbc602
[3] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=72b28112
[4] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=cd6b5bf8
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20120309/384371a1/attachment.html>
More information about the Users
mailing list