[strongSwan] IKE update does not correctly change the SA traffic selector in GRE transport mode
Frederic Griffoul
griffoul at gmail.com
Wed Oct 31 16:04:22 CET 2018
Yes, it works. Thanks Tobias.
Will it be included in an upcoming Strongswan release?
Br,
Fred
On Wed, Oct 31, 2018 at 3:48 PM Tobias Brunner <tobias at strongswan.org>
wrote:
> Hi Fred,
>
> > When the remote peer address changes,
> > strongswan correctly processes the XFRM_MSG_MAPPING message, and updates
> > the xfrm SA and SP in the Linux kernel, except the traffic selector.
>
> Yes, updating that selector was, in fact, missing in the responsible
> function. I pushed a potential fix to the kernel-netlink-update-sel
> branch of our repository [1] (only compile tested). Let me know if that
> works for you.
>
> Regards,
> Tobias
>
> [1]
>
> https://git.strongswan.org/?p=strongswan.git;a=shortlog;h=refs/heads/kernel-netlink-update-sel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20181031/60cdb940/attachment.html>
More information about the Users
mailing list