[Swan-commit] Changes to ref refs/heads/main

2024-05-09 Thread Libreswan VCS commit list via Swan-commit
New commits: commit d1d2eb043bd96c13f56e70c2ccb38d84c7c41dd5 Author: Andrew Cagney Date: Thu May 9 20:32:55 2024 -0400 enums: return bool from enum_enum_name() ___ Swan-commit mailing list Swan-commit@lists.libreswan.org

[Swan-commit] Changes to ref refs/heads/main

2024-05-09 Thread Libreswan VCS commit list via Swan-commit
New commits: commit 3dfdde8d8a75e69c0cface899e4b7defa023e3fa Author: Andrew Cagney Date: Thu May 9 10:22:54 2024 -0400 enums: sprinkle S(E) over remaining tables ___ Swan-commit mailing list Swan-commit@lists.libreswan.org

[Swan-commit] Changes to ref refs/heads/main

2024-05-09 Thread Libreswan VCS commit list via Swan-commit
New commits: commit 6add1540483ef8c27fdc9442e99c3885f7b6762e Author: Andrew Cagney Date: Thu May 9 12:51:45 2024 -0400 state: drop #define ta_ikev1_encrypt and ta_ikev1_integ_hash code is using .ta_encrypt ___ Swan-commit mailing list

[Swan-commit] Changes to ref refs/heads/main

2024-05-09 Thread Libreswan VCS commit list via Swan-commit
New commits: commit 15396a459d145f23c68f8eabd568b7b161b950a3 Author: Andrew Cagney Date: Thu May 9 09:27:44 2024 -0400 ikev1: delete now redundant ESP_ switch computing needed keymat More CVE-2024-3652 follow-up. Can't break a switch that isn't there.

Re: [Swan] Data sent in clear despite established tunnel

2024-05-09 Thread Paul Wouters via Swan
On Thu, 9 May 2024, Phil Nightowl wrote: Then be sure to have a leftsubnet= on your client or else it will try to use the pre-NAT IP and your remote peer would likely not accept that. There already is a leftsubnet=0.0.0.0/0 rightsubnet=srv.ii.nn.tt/32 in the roadwarrior's

[Swan-commit] Changes to ref refs/heads/main

2024-05-09 Thread Libreswan VCS commit list via Swan-commit
New commits: commit e6b3b173449ccb842584be6cd58037b1960ea5d2 Author: Andrew Cagney Date: Thu May 9 09:59:43 2024 -0400 ikev1: rename ISAKMP_NEXT_MCFG_ATTR -> ISAKMP_NEXT_MODECFG Where MODECFG is the name used when logging. (based on the draft RFC, it should be called

[Swan-commit] Changes to ref refs/heads/main

2024-05-09 Thread Libreswan VCS commit list via Swan-commit
New commits: commit 4a5e3e08bc5ba2a158abd09abacf72ea0a0d10db Author: Andrew Cagney Date: Wed May 8 21:24:45 2024 -0400 ikev1: add IKEv1_ prefix to AH_ and ESP_ macros update enum_name tables, drop "(UNUSED)"; ike_alg tables decide what is used. commit

[Swan-commit] Changes to ref refs/heads/main

2024-05-09 Thread Libreswan VCS commit list via Swan-commit
New commits: commit c9675037a68645f21a9875f93f3d3db951189a18 Author: Andrew Cagney Date: Thu May 9 09:04:05 2024 -0400 ikev1: compute the ESP keymat length twice Once using a big switch and once like IKEv2. pexpect() same ___

Re: [Swan] Data sent in clear despite established tunnel

2024-05-09 Thread Phil Nightowl via Swan
> Then be sure to have a leftsubnet= on your client or else it will try to > use the pre-NAT IP and your remote peer would likely not accept that. There already is a leftsubnet=0.0.0.0/0 rightsubnet=srv.ii.nn.tt/32 in the roadwarrior's config. The config file of the server