Re: iked: load explicit flows for ipip/ipcomp

2017-11-08 Thread Markus Friedl
ok On Sun, Nov 05, 2017 at 10:39:18PM +0100, Patrick Wildt wrote: > Hi, > > for IPcomp we need to load explicit ESP-flows for the IPIP or IPCOMP > tunneled packets, otherwise every packet between the gateways will > be sent into the tunnel (e.g. ICMP, too). > > ok? > > Patrick > > diff --git

Re: ikev2: follow rfc5903 correctly (ECP Groups)

2017-10-26 Thread Markus Friedl
ok 2017-10-24 16:25 GMT+02:00 Patrick Wildt : > Hi, > > in the final RFC 5903 the computation for the DH shared secret changed. > Instead of the full point, only the X point is included. Unfortunately > this is a backwards incompatible change, so older ikeds won't be com- >

Re: iked: support multiple subjectAltNames

2017-10-26 Thread Markus Friedl
ok 2017-10-19 15:40 GMT+02:00 Patrick Wildt : > Hi, > > so far, even if we look for our own cert, we only match the id against > the first subjectAltName. This means we cannot use certificates where > we actually need a different one. This diff changes the behaviour so > that

Re: tcpbench(4) support for AF_UNIX

2016-07-20 Thread Markus Friedl
looks good, but I haven't tried it. 2016-07-20 16:09 GMT+02:00 Claudio Jeker : > For testing I want to abuse tcpbench to work over AF_UNIX sockets. > This diff does exactly that with minimal extras. Especially the unix > socket is not removed from the filesystem

Re: ecdsa support in iked

2016-07-20 Thread Markus Friedl
a support. > > The ecdsa signature should contain only plain r and s, so the signature is > converted to that format. I’ve tested compatibility with OSX and IOS and both > seem to be working fine. > > Regards, > > René commit 75b98b0bfa99284850f5b8b501e973cd71a7ae5e Author: M

ipsec/ipv6 refactor

2016-04-16 Thread Markus Friedl
Hi, this matches the IPsec/IPv4 change I committed back in December, but since I don't have extensive IPv6 setups it's still not committed. Please test, give feedback and it will finally go into the next release. Thanks, -m ipv6ipsec-refactor.diff Description: Binary data

Re: Send hostname to remote host with syslogd

2013-02-07 Thread Markus Friedl
fwiw, this is what i have in my tree for some time now: Index: syslogd.c === RCS file: /cvs/src/usr.sbin/syslogd/syslogd.c,v retrieving revision 1.104 diff -u -p -u -r1.104 syslogd.c --- syslogd.c 12 Jul 2011 11:28:31 -

Re: [patch] Re: hacking pfkey: a few questions

2010-04-14 Thread Markus Friedl
yes, just writing an appropriate isakmpd.policy file should work:: Authorizer: POLICY Conditions: app_domain == IPsec policy ( remote_filter != 000.000.000.000-255.255.255.255 ) - true; On Tue, Apr 13, 2010 at 12:10:27PM +1000, Damien Miller wrote: On Mon, 12 Apr 2010, Toni Mueller