On Tue, 2 Apr 2024 at 09:30, antonio via Swan wrote:
>
> Solved, it was an issue with the kernel…by mistake I was loading an old
> kernel linux-image-3.16.0-4-amd64 boot it with a newer kernel and it's ok.
> Sorry.
Thanks for following this up. I guess this was the fineprint:
> [1711649620]
On Wed, 3 Apr 2024 at 18:22, Bán László via Swan
wrote:
>
> Hi Paul,
>
> there is an IKEv2 IPSec connection (the device on the other side is a
> Palo Alto), where one side has one (leftsubnet) and ~12 subnets
> (rightsubnets) on the other side.
> When expanding righsubnets, the following was
On Wed, 28 Feb 2024 at 17:35, Marc via Swan wrote:
>
> >
> > Where can I find a working and tested config, that offers vpn connectivity
> > with the os default clients of android, win10, win11, macos and ios? (maybe
> > put this on some wiki/example page)
> >
> >
>
> How should I even know what
On Sun, 25 Feb 2024 at 18:19, Marc via Swan wrote:
>
>
> I did more or less a default install on a fedora client. I assume that if
> windows/android clients do not have an issue. It is probably not related to
> the server settings, but something on fedora?
>
>
> dnf -y install libreswan
On Mon, 4 Mar 2024 at 07:31, John Crisp via Swan
wrote:
>
> On 02/03/2024 01:57, Paul Wouters wrote:
>
> > Since usually this means running things that are 10+ years old, that is
> > really hard to sustain for a small group of developers. We do provide
> > the basic common deployment
On Thu, 29 Feb 2024 at 10:10, Marc via Swan wrote:
>
> now this
>
>
> Feb 29 16:03:12 test2 pluto[94]: packet from :33325: INFORMATIONAL
> request has no corresponding IKE SA; message dropped
> Feb 29 16:04:34 test2 pluto[94]: last message repeated 4 times
> Feb 29 16:05:36 test2
New commits:
commit d20ead7ffd94d68972c965f3e54d2b97c3694402
Author: Andrew Cagney
Date: Thu Feb 8 07:34:12 2024 -0500
ikev2: use accept_v2_notification(v2N_MOBIKE_SUPPORTED)
commit e2fe587982422984d1ecd6facb9eb8e9bc15d201
Author: Andrew Cagney
Date: Thu Feb 8 07:33:44 2024 -0500
New commits:
commit f5b02380eef9f03d7147ac2a4043fefd55bb74b7
Author: Andrew Cagney
Date: Wed Feb 7 12:24:41 2024 -0500
ikev2: use accept_v2_notification(USE_TRANSPORT_MODE)
___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
New commits:
commit 59105aa3b55e29cada8b044e18008059b832b55b
Author: Andrew Cagney
Date: Wed Feb 7 22:07:09 2024 -0500
ikev2: make ECP MODP groups first for IKE
commit b06bae1a3dd567db7c437c935e6df16ef30521d4
Author: Andrew Cagney
Date: Wed Feb 7 22:09:33 2024 -0500
testing:
New commits:
commit 09cdb01ee154e3db032ebef42413696fd3877b76
Author: Andrew Cagney
Date: Thu Feb 8 14:36:17 2024 -0500
impair: add --impair ignore_v2_notification:NAME
replace ignore_v2N_SIGNATURE_HASH_ALGORITHMS
commit 203d39e24fc192897529d39974d6605cbcd2e86a
Author: Andrew
New commits:
commit b378b6da5e3b58fce112165c2b0687ec6b5c8390
Author: Andrew Cagney
Date: Thu Feb 8 10:56:00 2024 -0500
ikev2: add chacha to default non-FIPS IKE+ESP proposals
commit 85ffd7ba82ba080ae6af591a0121bb350f168e79
Author: Andrew Cagney
Date: Thu Feb 8 14:20:22 2024 -0500
New commits:
commit b589311f806e0a90acc61b6c32931e9343142f1e
Author: Andrew Cagney
Date: Tue Feb 6 21:18:48 2024 -0500
mobike: group/merge mobike state fields
Like intermedate, merge .st_ike_{sent,seen}_v2n_mobike_supported
into .st_v2_mobike.enabled, and clearly log when
New commits:
commit ed5fd98798be091039e21f908dd5138c1ed550da
Author: Andrew Cagney
Date: Thu Feb 8 18:41:51 2024 -0500
testing: --impair ignore_v2_notification tweaks
___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
New commits:
commit ba73ffecdfe51aecf5be763b7cf48513c35b0e81
Author: Andrew Cagney
Date: Thu Feb 8 17:03:45 2024 -0500
testing NetBSD: update to 10.0_RC4
___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
New commits:
commit f8a709d0dd296083cb0ded6280e5ca9efe4dfbe5
Author: Andrew Cagney
Date: Thu Feb 8 16:41:37 2024 -0500
ppk: when ppk=insist and IKE_SA_INIT doesn't agree to PPK, fail
See:
ppk stumbles on to IKE_AUTH even though PPK isn't negotiated during
IKE_SA_INIT #1610
New commits:
commit 9fa1a0905074acf95db0a5275ac5b56a598ba873
Author: Andrew Cagney
Date: Thu Feb 8 21:02:58 2024 -0500
ikev2: add --impair omit_v2_notification:...
replace --impair omit_v2N_SIGNATURE_HASH_ALGORITHMS
commit 622513f3268a5f417da465d332c305634a888a3e
Author: Andrew
New commits:
commit 5bc7590956d68e5a0be909cde8d9cc79cbc25418
Author: Andrew Cagney
Date: Fri Feb 9 09:41:49 2024 -0500
testing: in interop-ikev2-strongswan-15-child-sa, note pfs=no
See:
test interop of default strongswan and libreswan's second child #1606
New commits:
commit e27d44d424d3474a8585156ad3a024f710e1fc90
Author: Andrew Cagney
Date: Mon Feb 12 13:05:27 2024 -0500
routing: .newest_ipsec_sa -> .established_child_sa
Since it is only set when the Child SA establishes; typically
.newest_routing_sa is more useful.
New commits:
commit a6cf6ae79ef060fc9f3641418fb7ad4384361689
Author: Andrew Cagney
Date: Sun Feb 11 23:31:38 2024 -0500
libipsecconf: delete struct conn_end .pubkey et.al.
which deletes the code preventing pubkeys in %default:
duplicate public key #833
commit
New commits:
commit 5795cbb9fea618440fb966a8302652d4db4fa4a5
Author: Andrew Cagney
Date: Mon Feb 12 16:10:00 2024 -0500
testing: locally define north-east-base
___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
New commits:
commit 0a272a8d1c9b3983c3728429909f5f8e01c44e0b
Author: Andrew Cagney
Date: Mon Feb 12 11:04:21 2024 -0500
testing: in ipsec.conf.common delete unused
___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
New commits:
commit 865c4b8dd4e92093ae3e6e5c209448cab15067db
Author: Andrew Cagney
Date: Tue Feb 13 18:07:01 2024 -0500
ikev2: inline ikev2_emit_psk_auth()
___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
New commits:
commit 5b2a72b2609cd32a1153c34ed4b4c6d693571e44
Author: Andrew Cagney
Date: Fri Feb 9 21:09:26 2024 -0500
testing: inline also=west-east-base
___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
New commits:
commit 7e773301a6ad51b7ff1391ed181a0a94e2e21d53
Author: Andrew Cagney
Date: Sat Feb 10 09:44:19 2024 -0500
testing: inline also=road-east
commit f8be316b394e71f09a516211e9a7988d87bb130b
Author: Andrew Cagney
Date: Sat Feb 10 09:26:19 2024 -0500
testing: delete #also=
New commits:
commit c38c7e519573cc31848d7bd72cf61bfe6a51b02e
Author: Andrew Cagney
Date: Fri Feb 9 21:56:31 2024 -0500
testing: inline also=west-east-base-ipv4
___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
New commits:
commit fd4d0b82ac80d0c447fcce1093e45da7ac2dae01
Author: Andrew Cagney
Date: Fri Feb 9 20:35:43 2024 -0500
testing: inline also=westnet-eastnet-ipv4-psk
___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
New commits:
commit 68d1c0a9889ec740efeeebee213706166221394a
Author: Andrew Cagney
Date: Fri Feb 9 22:48:11 2024 -0500
testing: inline also=west-east-base-id-nss
___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
New commits:
commit 0631625175d76a6d69b45d95b97b761759038b69
Author: Andrew Cagney
Date: Fri Feb 9 23:45:28 2024 -0500
testing: trim includes of ipsec.conf.common
___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
New commits:
commit 7ad78aaec2eeca1d4cd8cf30cd608f59f41adf11
Author: Andrew Cagney
Date: Wed Feb 14 15:27:32 2024 -0500
libipsecconf: clean up dpd*=
- drop struct whack_msg .dpd_action
move obsolete warning to libipsecconf
- drop struct starter_conn .dpd_timeout and
New commits:
commit 76314a8f082c07e93f8f1676de05cf82627c284f
Author: Andrew Cagney
Date: Mon Feb 12 16:18:05 2024 -0500
routing: .newest_routing_sa -> .negotiating_child_sa
again an exact description; although here it is valid
once it has established as well
commit
New commits:
commit 9122f43d1428709bddec031af6b7ccd39bbcf0f6
Author: Andrew Cagney
Date: Wed Feb 14 12:47:50 2024 -0500
ikev2: drop id_payload_mac param to emit_local_v2AUTH()
commit 209234609f8088dd2ed031067e1146ead0b21ce5
Author: Andrew Cagney
Date: Wed Feb 14 12:44:29 2024 -0500
New commits:
commit cb86597fc0b45f8947b9787c2cb993744fa4b6c3
Author: Andrew Cagney
Date: Wed Feb 14 19:19:22 2024 -0500
testing: mark connalias-01-conflict wip
as in:
connalias-01-conflict gets internal error cannot install kernel policy
... it is in use by the
New commits:
commit da0bc238500c12c1e60dce67842189b90ffec907
Author: Andrew Cagney
Date: Wed Feb 14 23:01:08 2024 -0500
libipsecconf: drop struct starter_conn .modecfg_{dns,domains,banner}
___
Swan-commit mailing list
New commits:
commit 271c4d98a11b6fa1fabaa1ad417fa96d5cf10738
Merge: 5bf46659eb 567391430a
Author: Andrew Cagney
Date: Thu Feb 15 08:16:20 2024 -0500
testing: gut ipsec.conf.common
all the connections are sprinkled over individual tests, where needed
only OE connections are
New commits:
commit 4b044a957cc19eac037978544e51c80f20f61592
Author: Andrew Cagney
Date: Thu Feb 15 09:44:35 2024 -0500
ikev2: return STF_FATAL (i.e., kill IKE SA) when initiator PSK fails
see:
Failed to find our PreShared Key #1621
New commits:
commit 5bf46659ebc114c3b2274359ae5355f6a932df10
Author: Andrew Cagney
Date: Thu Feb 15 08:09:06 2024 -0500
libipsecconn: drop struct starter_conn .conn_mark_{both,in,out}
Also use .mark{,in,out}, to match option names, throughout.
New commits:
commit 3c4e3e772027114074cbab1260c0ff2a9bb57d70
Author: Andrew Cagney
Date: Thu Feb 15 08:48:02 2024 -0500
testing: include rsasigkey.conf, not ipsec.conf.common
___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
New commits:
commit f366dfb3c5d57ba62a2da6dd8cd576740955b994
Author: Andrew Cagney
Date: Thu Feb 15 09:41:52 2024 -0500
testing: add ikev2-05-basic-psk-missing-{initiator,responder}
see:
Failed to find our PreShared Key #1621
___
New commits:
commit c9e81ecb6559a5326937ea7d957d704f36939b6e
Author: Andrew Cagney
Date: Thu Feb 15 14:59:30 2024 -0500
testing: trim .config files of include ipsec.conf.common
___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
New commits:
commit 176850728dbaf5e477d4db95cba348fba1b3b1df
Author: Andrew Cagney
Date: Thu Feb 15 12:04:00 2024 -0500
libipsecconf: drop struct starter_conn .ike_crypto and .esp
___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
New commits:
commit d4d859361cfd21a1b61293d11487188533e18ff1
Author: Andrew Cagney
Date: Thu Feb 15 14:24:49 2024 -0500
libipsecconf: drop struct starter_conn .id and "conn %auto"
.id was never set which means that "conn %auto" always
generated "conn conn_0" (at least since
New commits:
commit d99edb21e4992c5d5cbf24d68e400f0dd92a6320
Author: Andrew Cagney
Date: Thu Feb 15 19:45:54 2024 -0500
ikev2: factor out v2_IKE_AUTH_initiator_id_payload()
___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
> Feb 15 06:15:48 saledortvm2 pluto[70624]: "server01.cnf.com" #2: processing
> decrypted IKE_AUTH request: SK{IDi,CERT,AUTH,CP,SA,TSi,TSr}
notice how the client sent a CP payload in the request (CP_REQUEST to be exact).
but
> #2: missing v2CP reply, not attempting to setup child SA
> #1: IKE
New commits:
commit e5704105aec4cdefa7ff6f008a6e863aa4fb5c1a
Author: Andrew Cagney
Date: Thu Feb 15 16:18:20 2024 -0500
testing: update ikev2-05-basic-psk-missing-initiator
___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
New commits:
commit 615f31ec9f8a9c788100cb5bae1504f62f7770af
Author: Andrew Cagney
Date: Thu Feb 15 16:22:33 2024 -0500
testing: in ipsec.conf.common, don't include rsasigkey.conf
should already be included
___
Swan-commit mailing list
New commits:
commit 97e89806f1644bac565a1b7b36f94f9cf5592486
Author: Andrew Cagney
Date: Thu Feb 15 16:30:49 2024 -0500
testing: update ikev2-05-basic-psk-missing-*
commit cb9e1047d33fde695d63a95854c2bc2470a476c8
Author: Andrew Cagney
Date: Thu Feb 15 16:30:30 2024 -0500
ikev2:
New commits:
commit cb96af2fc1e31d0c2c7c2d18fd8a874fb9b24e3c
Author: Andrew Cagney
Date: Tue Feb 13 08:33:28 2024 -0500
libipsecconf: warn about legacy ',,' -> '\\,' transformation
commit 65be4313a15d32ec5428e6eefe9bde764ee4c3d0
Author: Andrew Cagney
Date: Tue Feb 13 07:38:39 2024
New commits:
commit 5a6eb802ebdd63899408e5c92b75cc75eda741fa
Author: Andrew Cagney
Date: Tue Feb 13 08:46:04 2024 -0500
libipsecconf: drop struct starter_end .id
commit 764bc40b9fbc8541012563771209ab607cef2a48
Author: Andrew Cagney
Date: Tue Feb 13 08:45:08 2024 -0500
testing:
New commits:
commit 6aee63a0a5d742c9cd51d4440d1da6f338216f38
Author: Andrew Cagney
Date: Mon Feb 12 20:34:10 2024 -0500
logging: log "internal error" using llog_pexpect()
and with RC_INTERNAL_ERROR
Note: connalias-01-conflict is triggering this.
commit
New commits:
commit e27d6a75f2a913798f99556b9ec4ce2d10b0d6c1
Author: Andrew Cagney
Date: Sat Feb 10 19:55:02 2024 -0500
testing: trim include ipsec.conf.common
___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
New commits:
commit 4b608755d2dc50e63a5711b3dbaa6f6f73f10380
Author: Andrew Cagney
Date: Sat Feb 10 18:38:46 2024 -0500
testing: expect disabled clear updown
___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
New commits:
commit f31c48163d4dbedacbbf01a67a6d8441997cba17
Author: Andrew Cagney
Date: Sat Feb 10 16:08:58 2024 -0500
testing: inline also=north-east-x509
commit 8e300f5cfbb510076d26786c5be1ef3aad09ce1f
Author: Andrew Cagney
Date: Sat Feb 10 16:03:23 2024 -0500
testing: inline
New commits:
commit a0a6c7a3057a02a1a93b4cabb7333e8830cdbce5
Author: Andrew Cagney
Date: Mon Feb 12 15:58:52 2024 -0500
connections: warn when id=foo gets ignored because it doesn't resolve
the code ends up using the host address
commit 118bdad096825621514913114158df8838e81003
New commits:
commit fdc3ad1c64322d0fc520daa815c30cf7de66c8c5
Author: Andrew Cagney
Date: Sun Feb 11 07:48:10 2024 -0500
testing web: fix typo in tester.sh
commit d349aea79ae245ed4deb58736a65589662dda232
Author: Andrew Cagney
Date: Sat Feb 10 20:56:10 2024 -0500
testing: move
New commits:
commit 2cdf0c829df710d54d86fc9b519e771f18113228
Author: Andrew Cagney
Date: Tue Feb 13 14:31:52 2024 -0500
routing: don't log "connection for ... is already in state" to whack
commit 069c4f3fe5efa96950e4657cb78315f6ca8759d4
Author: Andrew Cagney
Date: Tue Feb 13 14:40:57
New commits:
commit 82c60fa40c99411c994c641770916c00c1c04915
Author: Andrew Cagney
Date: Sun Feb 11 11:45:04 2024 -0500
testing: in ipsec.conf.common, drop unused conns
westnet-eastnet-ipv4-psk and rw-east-pool-x509-ipv4
___
Swan-commit
New commits:
commit f99f9107aa1dcbc9ca137e3b213a105483846e52
Author: Andrew Cagney
Date: Sun Feb 11 14:07:22 2024 -0500
testing: work-around selinux "Dontaudit getty and plymouth the
checkpoint_restore capability"
tracked down by Tuomo
New commits:
commit 369bae8aaafdd0eb6eaa0d0483479e3a74e9acbe
Author: Andrew Cagney
Date: Sun Feb 11 14:27:31 2024 -0500
libipsecconf: drop conn_end .addresspool
and handle .addresspool vs .subnet[s] in pluto
commit 71750e2bac349e686544c49490e8d92599e05e3c
Author: Andrew Cagney
New commits:
commit 9f335a9e4c042aa9832f97527b238332ac95d16b
Author: Andrew Cagney
Date: Sun Feb 11 14:38:34 2024 -0500
testing: locally define road-east-base-ipv6
and drop from ipsec.conf.common
___
Swan-commit mailing list
New commits:
commit e1810dbdd717df0a86f4e013992f41afbe8b14fe
Author: Andrew Cagney
Date: Sun Feb 11 11:13:07 2024 -0500
libipsecconf: change also= to recursively expand inline
Re-implement also= so that, when building the connection, the entries
are expanded as they are
New commits:
commit 2478256da458137c0f6f6602c41d74876bef9f82
Author: Andrew Cagney
Date: Sun Feb 11 16:54:27 2024 -0500
documentation: try to update ipsec.conf overview
___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
New commits:
commit 07c04ae5bd887c900b9690ba65148866fabf76f6
Author: Andrew Cagney
Date: Sun Feb 11 13:00:42 2024 -0500
documentation: split ipsec.conf's tail.xml into per-section files
___
Swan-commit mailing list
New commits:
commit 8b7ea5a70344f82d9adb0e63c095d39fee58ae01
Author: Andrew Cagney
Date: Tue Feb 13 13:06:02 2024 -0500
libipsecconf: eliminate starter_end .certx
commit 677a3425b520693fb023328f0b52af8e1cd311b4
Author: Andrew Cagney
Date: Tue Feb 13 13:03:10 2024 -0500
New commits:
commit 9b2fbc487a8a4a01870d568b66b54b2d59655821
Author: Andrew Cagney
Date: Mon Feb 19 22:27:14 2024 -0500
testing: sprinkle --impair revival over first child failing
___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
New commits:
commit 43e966be89c42d9b3145092d140e0cc7ecd7e198
Author: Andrew Cagney
Date: Tue Feb 20 10:05:37 2024 -0500
routing: update debug-logs and function names
some were out-of-date
___
Swan-commit mailing list
New commits:
commit a48d3ca570c0d04b3b5e479f39b8a68905d4c27a
Author: Andrew Cagney
Date: Tue Feb 20 14:23:01 2024 -0500
labeled-ipsec: update *_instantiate() names
sec_label_child_instantiate() -> labeled_parent_instantiate()
sec_label_parent_instantiate() ->
New commits:
commit 76bbf6b9a6630b61f6004d119a11715841cfbc08
Author: Andrew Cagney
Date: Tue Feb 20 14:03:03 2024 -0500
routing: move unrouted_to_routed_ondemand_sec_label() to routing.c
next to other *_to_*() functions
___
Swan-commit
New commits:
commit 01c02eb80c79edbfe9c5d7e3744316adacc57d61
Author: Andrew Cagney
Date: Tue Feb 20 14:30:54 2024 -0500
routing: update .child.routing in unrouted_to_routed_ondemand_sec_label()
like for other *_to_*() functions
___
New commits:
commit e6ad6e36e768f0d96cf1499d875e45a4d5fc85e6
Author: Andrew Cagney
Date: Tue Feb 20 16:10:34 2024 -0500
routing: drop prototype connection events
only CONNECTION_INITIATE(D) used
___
Swan-commit mailing list
New commits:
commit 34770bbc33f92c20a71e2e459295d2b78faf90fc
Author: Andrew Cagney
Date: Tue Feb 20 16:12:06 2024 -0500
labeled-ipsec: pass where into is_labeled*()
___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
On Tue, 20 Feb 2024 at 21:16, Paul Wouters via Swan-dev
wrote:
>
>
> I see this commit:
>
> commit f198add4b08640d1b67aef19168998070b65b725
> Author: Andrew Cagney
> Date: Tue Feb 20 20:25:33 2024 -0500
>
> ikev2: when responding to labeled TS don't search for a connection
>
> only
New commits:
commit f198add4b08640d1b67aef19168998070b65b725
Author: Andrew Cagney
Date: Tue Feb 20 20:25:33 2024 -0500
ikev2: when responding to labeled TS don't search for a connection
only possible match is the IKE SAs (note that at this point
the Child SA is sharing the
New commits:
commit 55f9656881f7d3198f5f87c3e9fbaf78f0695acc
Author: Andrew Cagney
Date: Tue Feb 20 14:35:57 2024 -0500
routing: don't update routing when establishing IKE SA
For instance, during a redirect, the IKE SA should not touch
routing.
(The exception, there's
New commits:
commit 3ac00ccda106cca770b5370059512a2b2196f520
Author: Andrew Cagney
Date: Wed Feb 21 13:29:30 2024 -0500
routing: in INITIATED, ROUTED_ONDEMAND, PERMANENT use set_negotiating()
commit f7fc55b244b9132de349493bbd768e166bb13934
Author: Andrew Cagney
Date: Wed Feb 21
New commits:
commit 82b02b9862939507b7fcd2d5a4fa4d4dcb5039be
Author: Andrew Cagney
Date: Tue Feb 13 13:20:00 2024 -0500
routing: add ROUTING_SA
___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
New commits:
commit b4ce1ea04abe170cf797afec01220376d934a524
Author: Andrew Cagney
Date: Wed Feb 21 09:59:01 2024 -0500
routing: add INITIATED_BY_PENDING to enum
___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
New commits:
commit f9a9a5114ce1c9492c73310e216dd817dc13b68b
Author: Andrew Cagney
Date: Wed Feb 21 14:27:29 2024 -0500
testing: add impair revival to ikev2-labeled-ipsec-04-no-label-on-initiator
___
Swan-commit mailing list
New commits:
commit abe5c430fd87ce20ac8ed03296558918143b79a9
Author: Andrew Cagney
Date: Wed Feb 21 13:49:49 2024 -0500
routing: give connection_pending() its own pending_dispatch_ok()
___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
New commits:
commit 5e2fb6eeaf344bdc0ec38f6e43f3724b0aa91e47
Author: Andrew Cagney
Date: Wed Feb 14 14:22:48 2024 -0500
routing: always call connection_initiated_child() when initiating child
was missing:
- unpend()
- IKE_AUTH initiator
New commits:
commit 80fbab5d9beb6bd0d1690e0c43b6044a014e517c
Author: Andrew Cagney
Date: Wed Feb 21 14:47:22 2024 -0500
routing when INITIATED, UNROUTED, INSTANCE, set the negotiating SA
not just the routing
___
Swan-commit mailing list
New commits:
commit 36a5e1ba9e255731e89a31b385ad3f616fb8a82a
Author: Andrew Cagney
Date: Wed Feb 21 21:11:29 2024 -0500
routing: simplify set_routing()
- drop unused EVENT
- drop always-NULL E
___
Swan-commit mailing list
New commits:
commit 71556f180141d206791c887e87f74b9db2227ae4
Author: Andrew Cagney
Date: Tue Feb 20 22:06:00 2024 -0500
routing: handle more initiated cases and set_routing()
these happen when the IKE then Child initiates
+ case X(INITIATED,
New commits:
commit ae87a78da50ede4d54fefebdf160e8c4771542f0
Author: Andrew Cagney
Date: Wed Feb 21 18:27:30 2024 -0500
routing: add set_established_{in,out}bound()
replace set_established_child() and set_routing(e)
___
Swan-commit
New commits:
commit c8d581197f837b3358a30697c86c34d614724952
Author: Andrew Cagney
Date: Wed Feb 21 21:14:56 2024 -0500
testing: de-namespace addconn-37-nic-offload's output
___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
New commits:
commit 92c001f538ed5cc15c957d6943e3262cea059e8b
Author: Andrew Cagney
Date: Wed Feb 7 10:48:10 2024 -0500
includes: make message_role_names and sa_role_names enum_names
___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
New commits:
commit ef6321b6c1e8ab1f1562be59d28a9772f48e1a42
Author: Andrew Cagney
Date: Wed Feb 7 20:00:58 2024 -0500
ikev2: use accept_v2_notification(INTERMEDIATE_EXCHANGE_SUPPORTED)
commit c9fc73957cef3820df9637fa9ed19af2cf6ccfc1
Author: Andrew Cagney
Date: Wed Feb 7 19:59:31 2024
New commits:
commit 061fb3c400c782084d562fe2f8ee059f6ea50454
Author: Andrew Cagney
Date: Wed Feb 7 19:04:49 2024 -0500
ikev2: use accept_v2_notification(IKEV2_FRAGMENTATION_SUPPORTED)
Fix responder which was sending unsolicited notifies.
Split .st_seen_fragmentation_supported
New commits:
commit 768a6b99d6fa9f87a589837d63aac582a0e90e7d
Author: Andrew Cagney
Date: Wed Feb 7 15:34:23 2024 -0500
ikev2: drop SHA1 from AH algorithms
commit ef79af749b54c5c9fe2064cef2612260ade8a882
Author: Andrew Cagney
Date: Wed Feb 7 16:02:41 2024 -0500
testing: don't
New commits:
commit 96c439fe7d4d187c298ae527b250a2f316f15a20
Author: Andrew Cagney
Date: Wed Feb 7 12:24:22 2024 -0500
testing: add ikev2-14-compress-unsolicited
___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
New commits:
commit 5f7de0e03e56ddb0d748b8437006a12007d12cfc
Author: Andrew Cagney
Date: Sun Feb 11 09:42:07 2024 -0500
testing: locally define north-east-x509
... dropping from ipsec.conf.common
___
Swan-commit mailing list
New commits:
commit 1f356a95a1675a9a78136227394ca752def44778
Author: Andrew Cagney
Date: Sun Feb 11 15:02:37 2024 -0500
testing: locally define west-east-base-ipv6
and drop definition from ipsec.conf.common.
Include rsasigkey.common to get keys.
New commits:
commit e3a69ff42e41a4fc6272c50017564425ea31f130
Author: Andrew Cagney
Date: Fri Feb 9 11:09:17 2024 -0500
testing: add addconn-39-updown good
The test demonstrates existing behaviour, which is pretty strange:
- unoriented interfaces only show left, and as my_
New commits:
commit e12c3ec90343b6846da46d97a3031f298474a256
Author: Andrew Cagney
Date: Fri Feb 9 11:14:12 2024 -0500
testing: add --pass output to addconn-39-updown
___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
New commits:
commit e48a587789508b227bc53dc48ee889942751e848
Author: Andrew Cagney
Date: Sun Feb 11 21:20:05 2024 -0500
libipsecconf: drop struct starter_end .ca
___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
New commits:
commit be9dc12b4c6f239fac3cd2eb77bed8736fcf40e8
Author: Andrew Cagney
Date: Sun Feb 11 17:31:34 2024 -0500
testing: locally define road-east-x509
and drop from ipsec.conf.common
___
Swan-commit mailing list
New commits:
commit 789e6aa9f1914ad96d2ce771090623221cf843f4
Author: Andrew Cagney
Date: Sun Feb 11 18:03:50 2024 -0500
libipsecconf: drop struct starter_end .sourceip
commit a6c256c88466a3b929e798a602bd54fb969a5386
Author: Andrew Cagney
Date: Sun Feb 11 18:21:49 2024 -0500
New commits:
commit fc1366bf0b1820fe711b6c7ec127b1287341cd19
Author: Andrew Cagney
Date: Fri Feb 9 16:02:16 2024 -0500
impair: add --impair record_{inbound,outbound}
So that packet recording can be started without needing to
also block traffic.
New commits:
commit fa88befe485ac9b90842802f6fc5e98a18dbb3b1
Author: Andrew Cagney
Date: Fri Feb 9 10:41:15 2024 -0500
libipsecconf: drop "XXX: nasty hack for RHEL" fopen() error message
The glob code, per addconn-19-include-missing, ignores missing
files, so to somehow find
New commits:
commit c1322c24b411b4af7cf82a6db34cd6541798adf3
Author: Andrew Cagney
Date: Fri Feb 9 09:03:30 2024 -0500
addconn: don't set default {left,right}updown
Instead handle it in connections.c.
When never-negotiate, ignore the field.
See:
"passthrough":
New commits:
commit ebb9f8965112c7223287e5dc3644771ed746dffa
Author: Andrew Cagney
Date: Fri Feb 9 13:36:46 2024 -0500
libipsecconf: parse <> as <>
commit 5ca9325c0433f658878b5d9a712b393d73afe5f6
Author: Andrew Cagney
Date: Fri Feb 9 13:32:53 2024 -0500
libwhack: don't scramble
1 - 100 of 465 matches
Mail list logo