New commits:
commit d2a231c8d5223078c18f0b6728936110507138ad
Author: Paul Wouters <[email protected]>
Date: Sun May 13 20:59:04 2018 -0400
IKEv2: don't skip replacing conn on INITIAL CONTACT
as document in the added comment:
Ideally, we would return here for IKEv2 when we have not seen INITIAL
CONTACT,
but our code currently does not handle this properly. Especially
addresspool based
connections would end up with two connection instances competing for a
single IPsec SA.
We can re-instate this check once we can detect the current conn is
replacing the existing
conn and is not a second conn for a different IPsec which only shares
the IKE SA.
_______________________________________________
Swan-commit mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-commit
