[Openswan dev] Initiate on demand and netkey

Mattias Walstrom lazzer at vmlinux.org
Fri Feb 4 09:26:53 EST 2011


We have had problems with initiate on demand triggering, and it often goes well but sometimes this results in different understanding about which SPI to use for the traffic on both ends (and communication is lost).

As I had understood, intiate on demand is only useful for MAST/KLIPS, or have I missed something here?

Index: openswan-2.6.32/programs/pluto/initiate.c
===================================================================
--- openswan-2.6.32.orig/programs/pluto/initiate.c
+++ openswan-2.6.32/programs/pluto/initiate.c
@@ -730,6 +730,9 @@ initiate_ondemand_body(struct find_oppo_
     /* on klips/mast assume we will do something */
     work = (kern_interface == USE_KLIPS || kern_interface == USE_MASTKLIPS);
 
+    if (!work)
+        return work;
+
     /* What connection shall we use?
      * First try for one that explicitly handles the clients.
      */


More information about the Dev mailing list