[Openswan Users] cannot respond to IPsec SA request
Michael Richardson
mcr at xelerance.com
Tue Mar 21 14:13:54 CET 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
>>>>> "Paul" == Paul Wouters <paul at xelerance.com> writes:
Paul> The problem is that so much has changed in the NAT and
Paul> transport mode code, that I don't think the patch is correct
Paul> anymore for anything except for openswan 2.4.x.
Paul> Michael, can you tell me if the patch is still good for
Paul> #public:
I have no idea.
I don't even know what it does.
Please describe a test scenario where find_client_connection() found
the wrong connection, and why this test shouldn't therefore go into
find_client_connection() either literally, or such that the weighting
in the comparisons of the connections resolves to this case.
It seems to apply to the case where we are behind a NAT.
- --
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Finger me for keys
iQEUAwUBRCBefICLcPvd0N1lAQImdAfzBYCCpMs8bE1LhcWg7LqKm+H8iqy/W84n
x3FuhIbohAygjYd7W926XQ45mF1dbHd56rmFhPAc4iI1DvMcmzrkNcP7yq7EXuCr
b6RmfVqm4gloThxUHh40WG0js1PWW4xTANTGxg/MgT2gGkqzssnNZyRsIvXvnDxs
wQ4s5MG3lWfiY5pk9n5OZkX6fCqualuuRrtClLyCDtpOu5FIiLixWUXUdsvuB5kg
PX4KG9f31TpwL7mCCnEQHfVfpNIo1iKqGJZa38/bg9hP5XdFtCAbTXPEAApWPUY5
KER0R2lZSMqni3rxLPseqV1295SLgKpLrKi6EBWc0UbQ3PPrRvLM
=s1DE
-----END PGP SIGNATURE-----
More information about the Users
mailing list