[strongSwan] --enable-unity bug?

Martin Willi martin at strongswan.org
Tue Nov 20 16:53:49 CET 2012


> when compiling with --enable-unity, then any one of
> unity_split_include must be set, like:
> 
> ipsec pool --addattr unity_split_include

The unity plugin works completely independently of Split-Include
attributes configured through a pool. You should use only one of them.

The unity plugin builds Split-Include attributes automatically from
leftsubnet definitions and allows the daemon to enforce these subnets.
Pool attributes, though, are just plain attributes to send; the client
may or may not respect them.

> 10[CFG] sending UNITY_SPLIT_INCLUDE: 0.0.0.0/0

Probably the iOS client does not like 0.0.0.0/0 Split-Include
attributes. Maybe we should just omit it in this case, but I currently
don't have an iOS device here for testing.

Regards
Martin




