[Openswan dev] openswan cisco interop patches

Paul Wouters paul at xelerance.com
Mon Jul 11 13:34:12 EDT 2011

On Mon, 11 Jul 2011, Avesh Agarwal wrote:

>> Best would be some kind of mechanism where we only delete IPs that we have
>> added before, though this means storing the IPs somewhere in pluto.
> Yes, I have also targeted the same behavior. downrule only deletes an 
> ipaddress when remote_peer_type (PLUTO_IS_PEER_CISCO) is true, which means it 
> does the same thing as what you described.

So if I mistakenly configure leftsourceip=ip_of_eth0 and remote_peer_type=cisco
and the connection comes up without getting an IP address from the remote, and
I bring the connection down, will I lose eth0 connectivity?

> I can explain it more to tell why it works this way: If you look at the code, 
> received XAUTH parameters (ip address, domain, banner etc) are stored in 
> connection definition not in state definition, and this behavior has been 
> well before me. So when a connection/state terminates, the old values remains 
> since connection is not being deleted only terminated. Therefore, it is 
> needed to clear those values when a new IKE exchange is started as the new 
> values of XAUTH parameters may be received. And I did not see any other way 
> to handle this.

I see. So perhaps these parameters should move from connection to state?

But then if we are the server, they will appear in the config file and should
go into the connection information. Hugh, how would you envision this should
be done? Do we have other occurrences of server side variables in connection
with 'state' variables in the client instance?
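
The "only delete IPs that we have added before" mechanism discussed in this thread, as an added illustration that is not Openswan's own _updown script and says nothing about how pluto stores XAUTH data: the hook records every address it adds in a state file and, on the way down, deletes only addresses found in that record, so an address that was already on the interface (the leftsourceip=ip_of_eth0 misconfiguration above) is never removed. STATE_FILE is an assumed path, and IP_CMD exists so that a stand-in for ip(8) can be substituted when testing without root.

```sh
#!/bin/sh
# Added example, not Openswan's own _updown script: an up/down hook that
# records every address it adds and on "down" removes only addresses found
# in that record, so an address that was already on the interface (the
# leftsourceip=ip_of_eth0 case) is never deleted. STATE_FILE is an assumed
# path; IP_CMD lets a test substitute a stand-in for the real ip(8) binary.
STATE_FILE="${STATE_FILE:-/var/run/updown_added_ips.txt}"
IP_CMD="${IP_CMD:-ip}"

# Does interface $2 already carry address $1 (CIDR form, e.g. 10.0.0.5/32)?
has_addr() {
    "$IP_CMD" -o addr show dev "$2" 2>/dev/null | grep -qF -- " inet $1 "
}

# Tunnel up: add the assigned address unless the interface has it already,
# and record only what this script actually added.
updown_up() {
    addr="$1"; dev="$2"
    if has_addr "$addr" "$dev"; then
        echo "up: $addr already present on $dev, not recording it"
        return 0
    fi
    "$IP_CMD" addr add "$addr" dev "$dev" || return 1
    printf '%s %s\n' "$addr" "$dev" >> "$STATE_FILE"
}

# Tunnel down: delete the address only if our record says we added it,
# then drop it from the record.
updown_down() {
    addr="$1"; dev="$2"
    if [ -f "$STATE_FILE" ] && grep -qxF -- "$addr $dev" "$STATE_FILE"; then
        "$IP_CMD" addr del "$addr" dev "$dev" || return 1
        grep -vxF -- "$addr $dev" "$STATE_FILE" > "$STATE_FILE.tmp" || :
        mv "$STATE_FILE.tmp" "$STATE_FILE"
    else
        echo "down: $addr on $dev was not added by this script, leaving it"
    fi
}

# Was $1 on $2 recorded as added by this script? (exit status only)
is_recorded() {
    [ -f "$STATE_FILE" ] && grep -qxF -- "$1 $2" "$STATE_FILE"
}
```

The record is the whole point: without it, the down path has to guess whether an address belongs to the tunnel or to the host, and remote_peer_type alone cannot tell those apart.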
