"I could try to write this patch but I really don't know how to begin to study Pluto's source code. Could anybody help me ?"<br><br>up...<br><br><div class="gmail_quote">2008/6/12 Julien DELEAN &lt;<a href="mailto:julien.delean@peer2me.com">julien.delean@peer2me.com</a>&gt;:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">I tried your patch on openswan 2.4.12 but it doesn't seem to prevent Vista disconnections.<br>
<br>In order to quickly provoke this behavior, I download a large file,
on Vista client, to reach transfer volume limitations on Windows side
and to force rekeying.<br><br>I still have the same error message :<br>Jun 12 11:56:02 xxx pluto[6962]: "roadwarrior-l2tp"[1] xx.xx.xx.xx #1: responding to Main Mode from unknown peer xx.xx.xx.xx<br>...<br>Jun 12 11:56:03 xxx pluto[6962]: "roadwarrior-l2tp"[2] xx.xx.xx.xx #2: STATE_QUICK_R2: IPsec SA established {ESP=>0xfb7982a1 <0xf516b8d0 xfrm=AES_128-HMAC_SHA1 NATD=xx.xx.xx.xx:4500 DPD=none}<br>
Jun 12 12:18:18 xxx pluto[6962]: "roadwarrior-l2tp"[3] xx.xx.xx.xx #3: responding to Quick Mode {msgid:02000000}<br>Jun 12 12:18:18 xxx pluto[6962]: "roadwarrior-l2tp"[3] xx.xx.xx.xx #3: cannot install eroute -- it is in use for "roadwarrior-l2tp"[2] xx.xx.xx.xx #2<br>
<br>James, are we talking about the same problem ?<br><br>I think that the only solution is, as you said Paul, to write a patch that allows rekeys to happen to "the same ip/port as currently used". Am I right ?<br>
<br>I could try to write this patch but I really don't know how to begin to study Pluto's source code. Could anybody help me ?<br><br>--<br>Julien<br><br><br><br><div class="gmail_quote">2008/6/11 Paul Wouters &lt;<a href="mailto:paul@xelerance.com" target="_blank">paul@xelerance.com</a>&gt;:<div>
<div></div><div class="Wj3C7c"><br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div>On Wed, 11 Jun 2008, James wrote:<br>
<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
How would I configure ipsec.conf to do that?<br>
</blockquote>
<br></div>
the workaround is a hack, not a config option. diff against 2.6.14...<br>
Might require tweaking for 2.4.x<br>
<br>
diff --git a/programs/pluto/ikev1_main.c b/programs/pluto/ikev1_main.c<br>
index e7dbe4f..64a9c00 100644<br>
--- a/programs/pluto/ikev1_main.c<br>
+++ b/programs/pluto/ikev1_main.c<br>
@@ -2948,11 +2948,27 @@ accept_delete(struct state *st, struct msg_digest *md, struct payload_digest *p)<br>
}<br>
else<br>
{<br>
+<br>
+ /*<br>
+ * attempt at workaround bug 888. If we're in STATE_QUICK_R2, and<br>
+ * we receive a Delete AND Rekey, we will hit<br>
+ * the passert(sr->eroute_owner == SOS_NOBODY) in state.c<br>
+ * Workaround: don't delete IPsec SA now, let it linger<br>
+ */<br>
+ if(dst->st_state == STATE_QUICK_R2) {<br>
+ loglog(RC_LOG_SERIOUS, "BUG 888 workaround triggered\n. Received and "<br>
+ "ignored Delete SA(0x%08lx) payload: keeping IPSEC state #%lu"<br>
+ , (unsigned long)ntohl((unsigned long)*(ipsec_spi_t *)spi)<br>
+ , dst->st_serialno);<br>
+ }<br>
+ else<br>
+ {<br>
loglog(RC_LOG_SERIOUS, "received Delete SA(0x%08lx) payload: "<br>
"deleting IPSEC State #%lu"<br>
, (unsigned long)ntohl((unsigned long)*(ipsec_spi_t *)spi)<br>
, dst->st_serialno);<br>
delete_state(dst);<br>
+ }<br>
}<br>
<br>
/* reset connection */<br>
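<br>
Review bot: the new test if(dst->st_state == STATE_QUICK_R2) skips delete_state(dst) for every Delete SA payload that targets a state in STATE_QUICK_R2, while the comment above it describes only the case where a Delete arrives together with a rekey. As written, an ordinary Delete from the peer for such a state is logged and ignored, and nothing in this hunk bounds how long the state is left to linger. Suggest narrowing the condition to the rekey case the comment names, or documenting in the comment what eventually removes the kept state. Separately, the first string of the new loglog() call contains "triggered\n. Received and", which puts a newline in the middle of the message and starts the next line with a period; ". " without the "\n" looks like what was intended.<br>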
<br>
<br>
</blockquote></div></div></div><br>
</blockquote></div><br>