[Openswan dev] Initiate on demand and netkey
Michael H. Warfield
mhw at WittsEnd.com
Fri Feb 4 11:03:50 EST 2011
On Fri, 2011-02-04 at 15:26 +0100, Mattias Walstrom wrote:
> We have had problems with initiate on demand triggering, and it often
> goes well but sometimes this results in different understanding about
> which SPI to use for the traffic on both ends (and communication is
> lost).
>
> As I had understood, intiate on demand is only useful for MAST/KLIPS,
> or have I missed something here?
Why would it only be useful for MAST/KLIPS and not netkey? Maybe I'm
missing something here. I've never used initiate on demand under
Openswan but, a long time ago, I was playing with it under Racoon. If
there's a problem with which SPI to use, that sounds like something that
needs to be fixed.
> Index: openswan-2.6.32/programs/pluto/initiate.c
> ===================================================================
> --- openswan-2.6.32.orig/programs/pluto/initiate.c
> +++ openswan-2.6.32/programs/pluto/initiate.c
> @@ -730,6 +730,9 @@ initiate_ondemand_body(struct find_oppo_
> /* on klips/mast assume we will do something */
> work = (kern_interface == USE_KLIPS || kern_interface == USE_MASTKLIPS);
>
> + if (!work)
> + return work;
> +
> /* What connection shall we use?
> * First try for one that explicitly handles the clients.
> */
--
Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 482 bytes
Desc: This is a digitally signed message part
Url : http://lists.openswan.org/pipermail/dev/attachments/20110204/e661855e/attachment.bin
More information about the Dev
mailing list