On Sat, Oct 07, 2017 at 12:02:59PM +0200, [email protected] wrote:
> I also couldn't stay away and found some time today to look into it. I
> have added a solution and two test cases to lsw299, which I think worked
> now properly.

Wow. It is great to receive patches with tests, thanks. Are you running the full KVM test suite? Because you patched testing/baseconfigs/east/etc/ipsec.d/passwd.

I had a quick look. I will push the testcases. I will not apply the fix yet. There are some red flags here. Maybe some of the issues I am noticing now are not new.

> We use this feature for years without problems. Sure it is not optimal,
> but it works. The static address pool is only temporarily installed to assign the user
> defined static ip to the client and deleted once the instance is gone.

Why do you specify a range per user?

+use6:xOzlFlqtwJIu2:east-any:192.0.2.101-192.0.2.200

If you do that, things will likely get messy.

> Having multiple address pools on one connection would be a nice thing, but
> I think it is not easy to implement.

Yes. Multiple connections sharing exact pools is supported. I don't see a need for multiple pools per connection yet.

If the address from the xauth file is made into an addresspool used only by this specific instance, I would add a variable in "struct ip_pool" to indicate "do not share this pool".

> Overlapping ip addresses in global and static pools are configuration problems
> and the log clearly show the user that he need to configure to separate pools.

I don't think it will work as you imagine. Currently, if an addresspool is added via the xauth password file, that pool could be shared.

regards,
-antony
