[strongSwan] Attempting to use 5.0 MDS Ref#:00040620
Martin Willi
martin at strongswan.org
Tue Sep 25 09:04:04 CEST 2012
Hello Henry,
> Sep 24 10:41:07 VPN pluto[16791]: "test" #324: received ModeCfg
> message when in state STATE_MAIN_R3, and we aren't mode config client
Seems that 5.0 sends a Mode Config message, but 4.5 does not expect one.
With strongSwan 4.x and IKEv1, pluto didn't send a Mode Config message
if you define leftsourceip to a fixed IP. With 5.0, charon always
negotiates the address in both IKEv1 and IKEv2.
Specifying leftsourceip might not be required anymore with 5.x, as
charon always installs a route with a matching source address. However,
there is currently no way to enforce a specific address if two addresses
would match to the negotiated traffic selector.
Regards
Martin
More information about the Users
mailing list