Hi,
I realized I only sent this to you directly last time. I'm still
having trouble and hoped someone could help.
> The config file you posted used leftckaid= and you said you copied it to both
> sides which wouldn’t work. Can you confir you are trying only with
> leftrsasigkey and
New commits:
commit b39089eb325226909075f89056ef1ab53fb7c53a
Author: Andrew Cagney
Date: Thu Oct 4 22:32:34 2018 -0400
ikev1: drop ESP=NULL from default AH and AH+COMP proposals
commit b26647403d11e42aa43f402dc15e84650aa00422
Author: Andrew Cagney
Date: Thu Oct 4 19:01:27 2018 -0400
On Thu, 4 Oct 2018, Andrew Cagney wrote:
It turns out that, when phase2=ah (i.e., POLICY_AUTHENTICATE), IKEv1's
defaults, since before the start of time have been:
static struct db_prop_conj ah_props[] = {
{ AD(ah_pc) },
#ifdef SUPPORT_ESP_NULL
{ AD(espnull_pc) }
#endif
};
I see it
It turns out that, when phase2=ah (i.e., POLICY_AUTHENTICATE), IKEv1's
defaults, since before the start of time have been:
static struct db_prop_conj ah_props[] = {
{ AD(ah_pc) },
#ifdef SUPPORT_ESP_NULL
{ AD(espnull_pc) }
#endif
};
I.e., in addition to AH, emit an ESP proposal with
> In the current code NEXT in the first payload is patched up so the
> second proposal is be visible. Am trying east:phase2=esp
Yea, that went a little too well :-(
I'm testing the attached to mitigate this new problem, hopefully it
goes ok and can push.
I think getting rid of the extra payload
On Thu, 4 Oct 2018, D. Hugh Redelmeier wrote:
I keep seeing people, in various venues, saying that wireshark is
wonderful.
wireguard :)
Paul claims that Libreswan configuring is just as simple if the problem is
reduced to the scope of wireshark.
Paul (or anyone else): can you create simple
On Fri, 28 Sep 2018 at 19:02, D. Hugh Redelmeier wrote:
> Current oddity: the payload size is padded before fragmentation and
> after. I imagine that only after is correct.
Kind of. It does the following:
- the SK payload length without integrity and padding is saved
const unsigned int
On Thu, Oct 04, 2018 at 02:13:47PM -0400, D. Hugh Redelmeier wrote:
> I keep seeing people, in various venues, saying that wireshark is
> wonderful.
>
> Paul claims that Libreswan configuring is just as simple if the problem is
> reduced to the scope of wireshark.
>
> Paul (or anyone else):
I keep seeing people, in various venues, saying that wireshark is
wonderful.
Paul claims that Libreswan configuring is just as simple if the problem is
reduced to the scope of wireshark.
Paul (or anyone else): can you create simple instructions for setting up a
VPN that has feature-parity
For instance,
http://testing.libreswan.org/results/testing/v3.22-1007-g86105a8-master/ah-pluto-01/
(its seemingly being doing it for a while):
west.conf has:
conn westnet-eastnet-ah
also=west-east-base
also=westnet
also=eastnet
phase2=ah
but in west's logs I see:
|
New commits:
commit 5f814a456c12a2c3d7a62159a537db2ae91c61e4
Merge: 42df32e a31cbd6
Author: Paul Wouters
Date: Thu Oct 4 10:21:38 2018 -0400
Merge branch 'master' of vault.libreswan.fi:/srv/src/libreswan
commit 42df32ef1aa886f523aa00f41b6c94335e35622e
Merge: 210ebc6 7a84136
Author: Paul
11 matches
Mail list logo