New commits:
commit 839b259e14e3d83860d54e7573c34a3096c04c50
Author: Paul Wouters <[email protected]>
Date: Mon Aug 20 18:59:26 2018 -0400

pluto: can_share_lease() should also not share for ID_IP type

This is because two clients behind the same NAT have the same "thatid"
that is used to determine if a returning connection is the same client.
For authby=psk the clients often send ID_IP. There is no guarantee that
a dynamic IP isn't used for a new/different client which should not
inherit the same lease that could have open connections to remote sides.

Note that can_share_lease() already didn't share leases for PSK, so
this change should not have any effect. ID_IP is not used when using
certificates, which use either ID_FQDN or ID_DER_ASN_DN.
_______________________________________________
Swan-commit mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-commit