On Sun, Jun 28, 2015 at 11:53 PM, Martin Willi <[email protected]> wrote:
> tiple auth methods, we'd have to
> return all of them (for example using a bit-set), and use these methods
> in main/aggressive_mode.c to select the appropriate
>

Hi Martin,

Thanks for the reply. Yes, I realized from the code that only the auth method in the first transform proposal from the SA payload is returned. Same with the lifetime, which I thought would not matter so much, but a Juniper SRX did not like it either when the lifetime was different from what it had proposed.

Sadly, the proposal structures in the ike_cfg_t do not have the auth method in them, so even if I get a list of auth methods from the SA payloads, it was not easy to do a proper match against the proposals in ike_cfg. In the end I ended up putting in a hack to keep the auth method in ike_cfg, based on the connection definition. And when the get_proposals on the sa_payload is done, it will return only those proposals that match the auth method. If no proposal is found, then it does what strongSwan currently does.

It seems to work for me now, but I hope there is a better solution. I did something similar for lifetime.

regards,
sk
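The selection described in the message above, as an added example that is not part of the original post and is not strongSwan code. `transform_t`, `select_transform` and the sample values are hypothetical, and the lifetime preference is an assumption about what "something similar for lifetime" could look like.

```c
#include <stddef.h>
#include <stdio.h>

/* IKEv1 authentication method attribute values (RFC 2409, Appendix A). */
enum { AUTH_PSK = 1, AUTH_RSA_SIG = 3 };

/* Hypothetical, simplified transform from a received SA payload. */
typedef struct {
    int auth_method;
    unsigned lifetime;   /* seconds */
} transform_t;

/* Constructed sample: the peer lists RSA signatures first, PSK afterwards. */
static const transform_t sample[] = {
    { AUTH_RSA_SIG, 86400 },
    { AUTH_PSK,     28800 },
    { AUTH_PSK,     86400 },
};
#define SAMPLE_COUNT (sizeof(sample) / sizeof(sample[0]))

/*
 * Pick the transform to answer with. Prefer one matching the configured
 * auth method and lifetime, then one matching the auth method only. If
 * nothing matches, fall back to the first transform (the behaviour the
 * message describes as current). Returns the index, or -1 if the list
 * is empty.
 */
int select_transform(const transform_t *t, size_t n,
                     int cfg_auth, unsigned cfg_lifetime)
{
    int auth_only = -1;

    for (size_t i = 0; i < n; i++) {
        if (t[i].auth_method != cfg_auth)
            continue;
        if (t[i].lifetime == cfg_lifetime)
            return (int)i;
        if (auth_only < 0)
            auth_only = (int)i;
    }
    if (auth_only >= 0)
        return auth_only;
    return n > 0 ? 0 : -1;
}

int main(void)
{
    int idx = select_transform(sample, SAMPLE_COUNT, AUTH_PSK, 86400);
    printf("selected transform %d (auth %d, lifetime %u)\n",
           idx, sample[idx].auth_method, sample[idx].lifetime);
    return 0;
}
```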
