[Openswan Users] ike and esp proposals
Matthias Haas
mh at pompase.net
Fri Jan 6 19:04:45 CET 2006
Hello Paul,
I found that piece of code in the file lib/libopenswan/alg_info.c. The
following code fragment is the part where I found the '!':
293 /* chars that end algo strings */
294 switch(ch){
295 case 0: /* end-of-string */
296 case '!': /* flag as strict algo list */
297 case ',': /* algo string separator */
I could have a look where the problem comes from. To get you right, in case of
defining esp= or ike= the proposal values are always mandatory.
Matthias
On Thu, 5 Jan 2006 16:46:58 +0100 (CET), Paul Wouters wrote
> On Thu, 5 Jan 2006, Matthias Haas wrote:
>
> > forget was I was writing about. I just saw in the code that it is needed to
> > add an additional ! to the proposal to force the usage of the proposal. Is
> > there any documentation about the esp ike feature. Should it not be in man
> > for ipsec.conf.
>
> No that is not the case. The old method was to use strict mode only when
> "!" was supplied. Openswan now always assumes strict mode when
> esp/ike is specified. So it is a real bug.
>
> Where did you see the "!" in the code?
>
> Paul
More information about the Users
mailing list