viq <vic...@gmail.com> writes:
> On 17-06-25 21:44:24, Tim Stewart wrote:
>> Hi,
>>
>> In this message I've tried to encode everything I've done to allow
>> strongSwan on Android to connect with iked, including the latest patch.
>> I have also verified tha
viq <vic...@gmail.com> writes:
> On 17-07-18 23:20:26, Tim Stewart wrote:
>> viq <vic...@gmail.com> writes:
>>
>> > On 17-06-25 21:44:24, Tim Stewart wrote:
>> >> Hi,
>> >>
>> >> In this message I've tried to encode everyt
A sample configuration:
ikev2 "win10host" passive esp \
from 0.0.0.0/0 to 10.1.1.51 \
local any peer any \
ikesa auth hmac-sha2-384 enc aes-256 prf hmac-sha2-384 group modp2048 \
childsa enc aes-256-gcm group modp2048 \
srcid "/C=US/ST=New York/L=NYC/O=Stoo Labs/OU=iked/CN=foo.stoo.org"
This patch teaches iked to reject a KE with a Notify payload of type
INVALID_KE_PAYLOAD when the KE uses a different Diffie-Hellman group
than is configured locally. The rejection indicates the desired group.
In my environment, this patch allows stock strongSwan on Android from
the Google Play
Here is a version of the previous patch that preserves tabs properly.
Apologies.
-TimS
Index: parse.y
===
RCS file: /cvs/src/sbin/iked/parse.y,v
retrieving revision 1.65
diff -u -p -r1.65 parse.y
--- parse.y 24 Apr 2017
Henderson <s...@spacehopper.org> writes:
> On 2017/05/22 01:52, Tim Stewart wrote:
>> Hello again,
>>
>> Tim Stewart <t...@stoo.org> writes:
>>
>> > Tim Stewart <t...@stoo.org> writes:
>> >
>> >> This patch teaches iked
Hello again,
Tim Stewart <t...@stoo.org> writes:
> Tim Stewart <t...@stoo.org> writes:
>
>> This patch teaches iked to reject a KE with a Notify payload of type
>> INVALID_KE_PAYLOAD when the KE uses a different Diffie-Hellman group
>> than is configur
Tim Stewart <t...@stoo.org> writes:
> This patch teaches iked to reject a KE with a Notify payload of type
> INVALID_KE_PAYLOAD when the KE uses a different Diffie-Hellman group
> than is configured locally. The rejection indicates the desired
> group.
>
> In my enviro
Tim Stewart <t...@stoo.org> writes:
> A sample configuration:
>
> ikev2 "win10host" passive esp \
> from 0.0.0.0/0 to 10.1.1.51 \
> local any peer any \
> ikesa auth hmac-sha2-384 enc aes-256 prf hmac-sha2-384 group modp2048 \
> childsa enc aes-256-gcm
ere anything I can do to help? Meanwhile, I'll be watching this
space for more patches.
-TimS
--
Tim Stewart
---
Mail: t...@stoo.org
Matrix: @tim:stoo.org
Apologies for disappearing for a while. I was moving across town and I
had to drop many things!
Stuart Henderson <s...@spacehopper.org> writes:
> On 2017/06/25 21:44, Tim Stewart wrote:
>> Hi,
>>
>> In this message I've tried to encode everything I've done to all
Patrick Wildt <patr...@blueri.se> writes:
> On Mon, Nov 27, 2017 at 06:12:22PM +0100, Patrick Wildt wrote:
>> On Mon, Nov 27, 2017 at 04:21:08PM +0100, Patrick Wildt wrote:
>> > On Wed, Nov 22, 2017 at 05:26:24PM +0100, Patrick Wildt wrote:
>> > > On
Tim Stewart <t...@stoo.org> writes:
> Martin Pieuchot <m...@openbsd.org> writes:
>
>> On 11/10/17(Wed) 17:01, Martin Pieuchot wrote:
>>> OpenBSD 6.2 includes nice performance and latency improvements due to
>>> the work done in the Network Stack i
lly set up to
capture crash information, and there are no dumps in /var/crash/.
I don't have much experience with capturing OpenBSD kernel panics. I've
set up screen on another system so that I'll have a log of serial
console activity (this is an apu2c4) and have set ddb.console=1. I will
also reb
Stuart Henderson <s...@spacehopper.org> writes:
> On 2017/10/21 10:33, Tim Stewart wrote:
>> I don't have much experience with capturing OpenBSD kernel panics. I've
>> set up screen on another system so that I'll have a log of serial
>> console activity (this
Stuart Henderson <s...@spacehopper.org> writes:
> On 2017/10/21 12:04, Tim Stewart wrote:
>> *49727 296965 0 0 7 0x14200crynlk
>
> aha, it was that one. Try this diff on
Stuart Henderson <s...@spacehopper.org> writes:
> On 2017/10/21 14:52, Tim Stewart wrote:
>> Stuart Henderson <s...@spacehopper.org> writes:
>>
>> > On 2017/10/21 12:04, Tim Stewart wrote:
>> >> *49727 296965 0 0 7 0x14200
on such work. If not, perhaps someone that is familiar with the code
could suggest an approach at a high level?
Thanks for any advice,
-TimS
[1] Whenever I've asked, the reason is usually something about DDoS
prevention.
--
Tim Stewart
---
Mail: t...@stoo.org
Matrix
Hello tech@,
Here is a small initial patch related to message fragmentation.
ikev2_msg_decrypt() claims to strip the padding from the decrypted IKE
payloads, but actually leaves it tacked on the end of the returned ibuf.
This is fine in the unfragmented case since the inner payloads have
On 3/30/19 3:11 PM, Tobias Heider wrote:
> Hi Stuart,
>
> I'm glad to see people are using this.
> There's some smaller fixes that I haven't sent to the list yet, so
> probably I'll send an updated diff on Monday.
I plan to start using this patch this week, likely as soon as you send
the updated diff.
Tim Stewart writes:
> On 3/30/19 3:11 PM, Tobias Heider wrote:
>> Hi Stuart,
>>
>> I'm glad to see people are using this.
>> There's some smaller fixes that I haven't sent to the list yet, so
>> probably I'll send an updated diff on Monday.
>
> I plan to s