[Openswan dev] Problems with netkey acquires.
tis at foobar.fi
Wed Mar 10 16:10:39 EST 2010
Tuomo Soini wrote:
> Tuomo Soini wrote:
>> Tuomo Soini wrote:
>>> Seems like code matching acquire to tunnel configuration is currently broken.
>> Just fyi, commit 00ed7490af2e9adc1a936d38693c872cea1e87ba did not fix
>> this issue on netkey.
> David, do you have any idea what the problem is here?
> With 2.6.24 you get acquire states which are shown in ipsec auto
> --status and never cleaned up.
> It looks like your change "fixed" this but now these acquire states are
> inserted into xfrm policy directly without matching them to loaded conns.
It seems like David's commit 00ed7490af2e9adc1a936d38693c872cea1e87ba
fixed part of the old acquire state handling problem but accidentally
triggered pluto to insert the wrong policy. I attached a debug log where
the situation is shown quite clearly. The only tunnel is 18.104.22.168/32 -
0.0.0.0/0 in this configuration.
Tuomo Soini <tis at foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <http://foobar.fi/>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...