[Openswan Users] cannot respond to IPsec SA request
mcr at xelerance.com
Tue Mar 21 14:13:54 CET 2006
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Paul" == Paul Wouters <paul at xelerance.com> writes:
Paul> The problem is that so much has changed in the NAT and
Paul> transport mode code, that I don't think the patch is correct
Paul> anymore for anything except for openswan 2.4.x.
Paul> Michael, can you tell me if the patch is still good for
I have no idea.
I don't even know what it does.
Please describe a test scenario where find_client_connection() found
the wrong connection, and why this test shouldn't therefore go into
find_client_connection() either literally, or such that the weighting
in the comparisons of the connections resolves to this case.
It seems to apply to the case where we are behind a NAT.
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Finger me for keys
-----END PGP SIGNATURE-----
More information about the Users