[Swan-commit] Changes to ref refs/heads/main

2024-05-10 Thread Libreswan VCS commit list via Swan-commit
New commits:
commit 038c5c0bbdcc936dc8773efc1e80a9a0e2adaa3b
Author: Andrew Cagney
Date: Thu May 9 20:35:39 2024 -0400

    ikev1: drop UNUSED from IKEv1's algorithm enum names

    Code uses ike_alg*() to perform lookups; UNUSED is a distraction.

commit

[Swan-commit] Changes to ref refs/heads/main

2024-05-10 Thread Libreswan VCS commit list via Swan-commit
New commits:
commit 5bb9d43d01caea00d73b844ee5277f25b67ef640
Author: Andrew Cagney
Date: Fri May 10 12:47:24 2024 -0400

    enums: make enum_enum_table() private

commit 34393e1ea2048a142107908dced07839bd15244a
Author: Andrew Cagney
Date: Fri May 10 12:47:02 2024 -0400

    testing: update

Re: [Swan] Data sent in clear despite established tunnel

2024-05-10 Thread Phil Nightowl via Swan
> Sorry to cut in a bit. I have been watching this with interest. I am only
> a user of ipsec vpn. Is there really a technical possibility that traffic
> is somehow passing through the tunnel without being encrypted? Is there
> not some default drop/fail design if there is no encryption?

Re: [Swan] Data sent in clear despite established tunnel

2024-05-10 Thread Phil Nightowl via Swan
> >>> There already is a
> >>>
> >>>leftsubnet=0.0.0.0/0
> >>>rightsubnet=srv.ii.nn.tt/32
> >>>
> >>> in the roadwarrior's config. The config file of the server contains
> >>>
> >>>leftsubnet=srv.ii.nn.tt/32
> >>>rightaddresspool==192.0.2.0/24
> >>>narrowing=yes
> >>
> >>

[Swan-commit] Changes to ref refs/heads/main

2024-05-10 Thread Libreswan VCS commit list via Swan-commit
New commits:
commit ff0fd8bae86c61f2c68ba83da68a1706a8d4bb68
Author: Andrew Cagney
Date: Fri May 10 09:28:23 2024 -0400

    enums: replace oakley_attr_val_descs[] and ipsec_attr_val_descs[] with the enun_enum_names ikev1_oakley_attr_value_names ikev1_ipsec_attr_value_names

Re: [Swan] Data sent in clear despite established tunnel

2024-05-10 Thread Paul Wouters via Swan
On May 10, 2024, at 03:08, Phil Nightowl wrote:
>
>
>>
>>> There already is a
>>>
>>>leftsubnet=0.0.0.0/0
>>>rightsubnet=srv.ii.nn.tt/32
>>>
>>> in the roadwarrior's config. The config file of the server contains
>>>
>>>leftsubnet=srv.ii.nn.tt/32
>>>

Re: [Swan] Data sent in clear despite established tunnel

2024-05-10 Thread Marc via Swan
> > > > As not to get lost: we're still basically trying to get libreswan to
> > > install a xfrm policy with the right source IP (i.e. rw.ii.nn.tt) for the
> > > out direction, so that the policy triggers on the outgoing packets and
> > > sends them through the established tunnel, right?
>

Re: [Swan] Data sent in clear despite established tunnel

2024-05-10 Thread Phil Nightowl via Swan
> > There already is a
> >
> > leftsubnet=0.0.0.0/0
> > rightsubnet=srv.ii.nn.tt/32
> >
> > in the roadwarrior's config. The config file of the server contains
> >
> > leftsubnet=srv.ii.nn.tt/32
> > rightaddresspool==192.0.2.0/24
> > narrowing=yes
>
> Oh ok, if assigning an