New commits:
commit 038c5c0bbdcc936dc8773efc1e80a9a0e2adaa3b
Author: Andrew Cagney
Date: Thu May 9 20:35:39 2024 -0400
ikev1: drop UNUSED from IKEv1's algorithm enum names
Code uses ike_alg*() to perform lookups; UNUSED is a distraction.
commit
New commits:
commit 5bb9d43d01caea00d73b844ee5277f25b67ef640
Author: Andrew Cagney
Date: Fri May 10 12:47:24 2024 -0400
enums: make enum_enum_table() private
commit 34393e1ea2048a142107908dced07839bd15244a
Author: Andrew Cagney
Date: Fri May 10 12:47:02 2024 -0400
testing: update
> Sorry to cut in a bit. I have been watching this with interest. I am only
> a user of ipsec vpn. Is there really a technical possibility that traffic
> is somehow passing through the tunnel without being encrypted? Is there
> not some default drop/fail design if there is no encryption?
> >>> There already is a
> >>>
> >>>leftsubnet=0.0.0.0/0
> >>>rightsubnet=srv.ii.nn.tt/32
> >>>
> >>> in the roadwarrior's config. The config file of the server contains
> >>>
> >>>leftsubnet=srv.ii.nn.tt/32
> >>>rightaddresspool==192.0.2.0/24
> >>>narrowing=yes
> >>
> >>
New commits:
commit ff0fd8bae86c61f2c68ba83da68a1706a8d4bb68
Author: Andrew Cagney
Date: Fri May 10 09:28:23 2024 -0400
enums: replace oakley_attr_val_descs[] and ipsec_attr_val_descs[]
with the enun_enum_names
ikev1_oakley_attr_value_names
ikev1_ipsec_attr_value_names
On May 10, 2024, at 03:08, Phil Nightowl wrote:
>
>
>>
>>> There already is a
>>>
>>>leftsubnet=0.0.0.0/0
>>>rightsubnet=srv.ii.nn.tt/32
>>>
>>> in the roadwarrior's config. The config file of the server contains
>>>
>>>leftsubnet=srv.ii.nn.tt/32
>>>
>
> > > As not to get lost: we're still basically trying to get libreswan to
> > > install a xfrm policy with the right source IP (i. e. rw.ii.nn.tt)
> for the
> > > out direction, so that the policy triggers on the outgoing packets
> and
> > > sends them through the established tunnel, right?
>
> > There already is a
> >
> > leftsubnet=0.0.0.0/0
> > rightsubnet=srv.ii.nn.tt/32
> >
> > in the roadwarrior's config. The config file of the server contains
> >
> > leftsubnet=srv.ii.nn.tt/32
> > rightaddresspool==192.0.2.0/24
> > narrowing=yes
>
> Oh ok, if assigning an