[Openswan dev] [Openswan Users] Trying to get Openswan working Ubuntu to Cisco ASA 5510 (fwd)
Paul Wouters
paul at xelerance.com
Thu Mar 11 15:53:09 EST 2010
(for those working on allowing multiple aggressive mode conns with the same DH group)
---------- Forwarded message ----------
Date: Thu, 11 Mar 2010 13:43:24 -0500
From: Michael Richardson <mcr at sandelman.ca>
Subject: Re: [Openswan Users] Trying to get Openswan working Ubuntu to Cisco ASA 5510
The pick first proposal logic is at:
spdb_v1_struct.c, in the function:

    bool
    init_am_st_oakley(struct state *st, lset_t policy)

which is called in ikev1_aggr.c, in aggr_outI1():

    if(init_am_st_oakley(st, policy) == FALSE) {
        loglog(RC_AGGRALGO, "can not initiate aggressive mode, at most one algorithm may be provided");
        reset_globals();
        return STF_FAIL;
    }
The purpose of this code is to restrict the policy down to one proposal.
The work of sending it is done by out_sa() called from either
aggr_outI1_tail(), or from main_outI1().
You may need to do *some* of the work from init_am_st_oakley() to make
sure the DH group is set up correctly before you do the async operation
to generate the DH exponent needed before you can initialize.
--
] He who is tired of Weird Al is tired of life! | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr at sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
then sign the petition.