[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: something broken in isakmpd since 3.5



> Here's a patch (in two versions) that we would appreciate if you could
> test for us.

I just did the test with 3.5-RELEASE and it worked fine, thanks!


While we are at it I also noticed the following, when using
IPV4_ADDR_SUBNET as ID type for phase 1, instead of then default
IPV4_ADDR:

[...]
153524.777484 Negt 40 ike_phase_1_recv_ID: USER_FQDN:
153524.777916 Negt 40 74657374 616c6578 4070726f 67692e6c 616d
153524.778392 Exch 40 exchange_run: exchange 0x3c066900 finished step 0,
advancing...
153524.778842 Misc 30 ipsec_responder: phase 1 exchange 4 step 1
153524.821205 Cryp 40 crypto_init: key:
153524.821633 Cryp 40 98f8614e a91fefdf
153524.822095 Cryp 50 crypto_init_iv: initialized IV:
153524.822520 Cryp 50 d218f186 60afed2e
153524.823015 Default ike_phase_1_send_ID: unsupported ID type 4
153524.823487 Default exchange_run: doi->responder (0x3c066b00) failed


I know this was supported before. It's unclear to me what the rfc says (I
found it in 2407) but I think IPSEC_ID_IPV4_ADDR is a valid phase 1 ID,
isnt it ?

Regards,
Alexandre