[strongSwan] IKE update does not correctly change the SA traffic selector in GRE transport mode
Tobias Brunner
tobias at strongswan.org
Wed Oct 31 15:48:22 CET 2018
Hi Fred,
> When the remote peer address changes,
> strongswan correctly processes the XFRM_MSG_MAPPING message, and updates
> the xfrm SA and SP in the Linux kernel, except the traffic selector.
Yes, updating that selector was, in fact, missing in the responsible
function. I pushed a potential fix to the kernel-netlink-update-sel
branch of our repository [1] (only compile tested). Let me know if that
works for you.
Regards,
Tobias
[1]
https://git.strongswan.org/?p=strongswan.git;a=shortlog;h=refs/heads/kernel-netlink-update-sel
More information about the Users
mailing list