[strongSwan] --enable-unity bug?

richter at ecos.de richter at ecos.de
Thu Nov 22 09:55:59 CET 2012


Hi Martin,

The patch works for me too. In case my leftsubnet is 0/0, I still see the message "sending UNITY_SPLIT_INCLUDE: 0.0.0.0/0", but it works.

But when I try another connection between charon as client and pluto as server which has a rightsubnet defined and the unity plugin is loaded on the Charon side, it does not work:

"cannot respond to IPsec SA request because no connection is known for 0.0.0.0/0===..."

It seems that during the phase II handshake, Charon submits 0/0 instead of the given rightsubnet. As soon as I unload the unity plugin the rightsubnet is submitted correctly again.

Would it make sense to disable unity if a rightsubnet other than 0/0 is given?

Regards

Gerald
  

> -----Original Message-----
> From: users-bounces+richter=ecos.de at lists.strongswan.org [mailto:users-
> bounces+richter=ecos.de at lists.strongswan.org] On Behalf Of Igor
> Sent: Wednesday, November 21, 2012 8:58 PM
> To: Martin Willi
> Cc: users at lists.strongswan.org; Gerald Richter - ECOS
> Subject: Re: [strongSwan] --enable-unity bug?
> 
> patch works great :)
> 
> Bests,
> -Igor
> 
> 
> On Wed, Nov 21, 2012 at 5:14 PM, Martin Willi <martin at strongswan.org>
> wrote:
> > Hi Gerald,
> >
> >> If you can provide a patch, I can test it against iOS5 and iOS6
> >
> > Please try the attached, but completely untested patch. It should omit
> > Split-Include attributes for 0.0.0.0/0 selectors. It might require [1]
> > on top of 5.0.1 to apply cleanly.
> >
> > Regards
> > Martin
> >
> > [1]http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=6e8f88db
> 