[Openswan Users] modecfg supplied IP address and multiple subnets

Northfield Stuart stu at metanate.com
Sat Mar 17 08:05:44 EDT 2012

>> I took some time to study the code, and I think that when the unpend() function in programs/pluto/pending.c is called from programs/pluto/xauth.c at the end of phase 1, it needs to copy the client and source IP addresses from the connection it has been passed (i.e. the one which has been used to established phase 1) to all of the connections it is now 'unpending' (i.e. all of the phase 2 associations waiting on this phase 1 association). I attach a simple patch which I tried as an experiment and for my configuration this then works as expected (as long as there is no leftsourceip defined anyway).
>> (NB this patch does the minumum required and I'm sure needs polish, and probably to take other flags into account, before being incorporated into the source base - but it is enough to prove the concept. At the very least it should probably detect when the source and destination connection pointers are the same.)
>> Does this seem the right way to go?
> I will have to take a closer look, but it sounds like you are on the
> right track. It could be that when modecfg completes, the SA should
> look up all its phase2 children and update them, or indeed as you have
> it that the children need to check for an updated parent.
> Thanks for your work!

No worries Paul - I just followed the code flow to the first point that I could see a way to solve the problem. Can I leave it to you guys to implement the solution in the most appropriate manner? Happy to test new code...


Stuart Northfield
+44 (0) 1223 566759 (Direct), +44 (0) 1223 566727 (Fax)
Metanate Limited. Registered in England No 4046086 at:
Lincoln House, Station Court, Great Shelford, Cambridge CB22 5NE, UK
www.metanate.com (Consultancy) www.schemus.com (Data synchronisation)

This e-mail and all attachments it may contain is confidential and
intended solely for the use of the individual to whom it is addressed.
Any views or opinions presented are those of the author and do not
necessarily represent those of Metanate Ltd.  If you are not the
intended recipient, be advised that you have received this e-mail in
error and that any use, dissemination, printing, forwarding or copying
of this e-mail is strictly prohibited.  Please contact the sender if
you have received this e-mail in error.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 1683 bytes
Desc: not available
URL: <https://lists.openswan.org/pipermail/users/attachments/20120317/3f52df82/attachment.p7s>

More information about the Users mailing list