Hi Martin, the patch works for me too, in case my leftsubnet is 0/0 I still see the message "sending UNITY_SPLIT_INCLUDE: 0.0.0.0/0", but it works .
But when I try another connection between charon as client and pluto as server which has a rightsubnet defined and the unity plugin is loaded on the Charon side, it does not work: "cannot respond to IPsec SA request because no connection is known for 0.0.0.0/0===..." It seems that during the phase II handshake, Charon submits 0/0 instead of the given rightsubnet. As soon as I unload the unity plugin the rightsubnet is submitted correctly again. Would it make sense to disable unity if a rightsubnet other than 0/0 is given? Regards Gerald > -----Original Message----- > From: [email protected] [mailto:users- > [email protected]] On Behalf Of Igor > Sent: Wednesday, November 21, 2012 8:58 PM > To: Martin Willi > Cc: [email protected]; Gerald Richter - ECOS > Subject: Re: [strongSwan] --enable-unity bug? > > patch works great :) > > Bests, > -Igor > > > On Wed, Nov 21, 2012 at 5:14 PM, Martin Willi <[email protected]> > wrote: > > Hi Gerald, > > > >> If you can provide a patch, I can test it against iOS5 and iOS6 > > > > Please try the attached, but completely untested patch. It should omit > > Split-Include attributes for 0.0.0.0/0 selectors. It might require [1] > > on top of 5.0.1 to apply cleanly. > > > > Regards > > Martin > > > > [1]http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=6e8f88db > > _______________________________________________ > Users mailing list > [email protected] > https://lists.strongswan.org/mailman/listinfo/users _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
