Hello There was a bit of a thread some time ago concerning upgrading ipsec on Bering uClibc. I believe the time has come to do so.
The problem shows up if on one side of a connection pair we leave pfs undefined and on the other side pfs=no. Then pluto crashes and gets restarted, just to crash at the next connection attempt from the badly configured peer. In my ipsec webconf it happens that I add parameters to the configuration which were missing before, so I never observed the problem. The default for at least the pfs parameter appears to be wrong in the ipsec webconf page, but this can be fixed easily. My openswan version right now is 2.4.7 which is, as far as the CVS repository tells, the latest and greatest version (at OpenSwan the current release of the 2.x branch is 2.6.22). The problem depicted here is a known bug in 2.4.7 :-) It so happens that there is a kernel patch for ipsec (openswan-2.4.7.kernel-2.4-klips.patch), which might just be the content of the openswanx.x.x/linux directory, but I am missing some information on how this patch was built. cheers Erich ------------------------------------------------------------------------------ _______________________________________________ leaf-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/leaf-devel
