[strongSwan] Left subnet Limitation?

Adrian Milanoski amilanoski at blackberry.com
Thu Nov 14 03:30:32 CET 2013


Hi all,

I think I just found a bug in the strongSwan code or even a limitation.

Option leftsubnet doesn't allow more than 115 subnets.

E.g.
conn ikev2_psk_FQDN_200subnets
leftid=server
leftsubnet=172.16.1.0/24,172.16.2.0/24,172.16.3.0/24,172.16.4.0/24,172.16.5.0/24,172.16.6.0/24,172.16.7.0/24,172.16.8.0/24,172.16.9.0/24,172.16.10.0/24,172.16.11.0/24,172.16.12.0/24,172.16.13.0/24,172.16.14.0/24,172.16.15.0/24,172.16.16.0/24,172.16.17.0/24,172.16.18.0/24,172.16.19.0/24,172.16.20.0/24,172.16.21.0/24,172.16.22.0/24,172.16.23.0/24,172.16.24.0/24,172.16.25.0/24,172.16.26.0/24,172.16.27.0/24,172.16.28.0/24,172.16.29.0/24,172.16.30.0/24,172.16.31.0/24,172.16.32.0/24,172.16.33.0/24,172.16.34.0/24,172.16.35.0/24,172.16.36.0/24,172.16.37.0/24,172.16.38.0/24,172.16.39.0/24,172.16.40.0/24,172.16.41.0/24,172.16.42.0/24,172.16.43.0/24,172.16.44.0/24,172.16.45.0/24,172.16.46.0/24,172.16.47.0/24,172.16.48.0/24,172.16.49.0/24,172.16.50.0/24,172.16.51.0/24,172.16.52.0/24,172.16.53.0/24,172.16.54.0/24,172.16.55.0/24,172.16.56.0/24,172.16.57.0/24,172.16.58.0/24,172.16.59.0/24,172.16.60.0/24,172.16.61.0/24,172.16.62.0/24,172.16.63.0/24,172.16.64.0/24,172.16.65.0/24,172.16.66.0/24,172.16.67.0/24,172.16.68.0/24,172.16.69.0/24,172.16.70.0/24,172.16.71.0/24,172.16.72.0/24,172.16.73.0/24,172.16.74.0/24,172.16.75.0/24,172.16.79.0/24,172.16.80.0/24,172.16.81.0/24,172.16.82.0/24,172.16.83.0/24,172.16.84.0/24,172.16.85.0/24,172.16.86.0/24,172.16.87.0/24,172.16.88.0/24,172.16.89.0/24,172.16.90.0/24,172.16.91.0/24,172.16.92.0/24,172.16.93.0/24,172.16.94.0/24,172.16.95.0/24,172.16.96.0/24,172.16.97.0/24,172.16.98.0/24,172.16.99.0/24,172.16.100.0/24,172.16.101.0/24,172.16.102.0/24,172.16.103.0/24,172.16.104.0/24,172.16.105.0/24,172.16.106.0/24,172.16.107.0/24,172.16.108.0/24,172.16.109.0/24,172.16.110.0/24,172.16.111.0/24,172.16.112.0/24,172.16.113.0/24,172.16.114.0/24,172.16.115.0/24,172.16.116.0./24,172.16.117.0/24,172.16.118.0/24,172.16.119.0/24,172.16.120.0/24,172.16.121.0/24,172.16.122.0/24,172.16.123.0/24,172.16.124.0/24,172.16.125.0/24,172.16.126.0/24,172.16.127.0/24,172.16.128.0/24,172.16.129.0/24,172.16.130.0/24,172.16.131.0/24,172.16.132.0/24,172.16.133.0/24,172.16.134.0/24,172.16.135.0/24,172.16.136.0/24,172.16.137.0/24,172.16.138.0/24,172.16.139.0/24,172.16.140.0/24,172.16.141.0/24,172.16.142.0/24,172.16.143.0/24,172.16.144.0/24,172.16.145.0/24,172.16.146.0/24,172.16.147.0/24,172.16.148.0/24,172.16.149.0/24,172.16.150.0/24,172.16.151.0/24,172.16.152.0/24,172.16.153.0/24,172.16.154.0/24,172.16.155.0/24,172.16.156.0/24,172.16.157.0/24,172.16.158.0/24,172.16.159.0/24,172.16.160.0/24,172.16.161.0/24,172.16.162.0/24,172.16.163.0/24,172.16.164.0/24,172.16.165.0/24,172.16.166.0/24,172.16.167.0/24,172.16.168.0/24,172.16.169.0/24,172.16.170.0/24,172.16.171.0/24,172.16.172.0/24,172.16.173.0/24,172.16.174.0/24,172.16.175.0/24,172.16.176.0/24,172.16.177.0/24,172.16.178.0/24,172.16.179.0/24,172.16.180.0/24,172.16.181.0/24,172.16.182.0/24,172.16.183.0/24,172.16.184.0/24,172.16.185.0/24,172.16.186.0/24,172.16.187.0/24,172.16.188.0/24,172.16.189.0/24,172.16.190.0/24,172.16.191.0/24,172.16.192.0/24,172.16.193.0/24,172.16.194.0/24,172.16.195.0/24,172.16.196.0/24,172.16.197.0/24,172.16.198.0/24,172.16.199.0/24,172.16.200.0/24
rightid=200subnetuser
authby=secret


Can anyone comment on this limitation? Is this a bug?


Regards,

Adrian Milanoski
Lab Administrator
BBOS WiFI VPN. Security Testing - R&D
4715 Tahoe Blvd, Mississauga, ON, Canada, L4W 0B5
Tel.(289) 261-5801 | Fax.(905) 629-7836
Email: amilanoski at blackberry.com


