« Return to Thread: Possible web-configuration framework

Current Bering OpenSwan package (2.4.7) can be crashed by a bad peer configuration

by Erich Titl

Hello

There was a bit of a thread some time ago concerning upgrading ipsec on
Bering uClibc. I believe the time has come to do so.

The problem shows up if on one side of a connection pair we leave pfs
undefined and on the other side pfs=no. Then pluto crashes and gets
restarted, just to crash at the next connection attempt from the badly
configured peer.

In my ipsec webconf it happens that I add parameters to the
configuration which were missing before, so I never observed the
problem. The default for at least the pfs parameter appears to be wrong
in the ipsec webconf page, but this can be fixed easily.

My openswan version right now is 2.4.7 which is, as far as the CVS
repository tells, the latest and greatest version (at OpenSwan the
current release of the 2.x branch is 2.6.22). The problem depicted here
is a known bug in 2.4.7 :-)

It so happens that there is a kernel patch for ipsec
(openswan-2.4.7.kernel-2.4-klips.patch), which might just be the content
of the openswanx.x.x/linux directory, but I am missing some information
on how this patch was built.

cheers

Erich


------------------------------------------------------------------------------

_______________________________________________
leaf-devel mailing list
leaf-devel@...
https://lists.sourceforge.net/lists/listinfo/leaf-devel
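
An added example, not part of the original post or of Openswan: a shell check that reads the `ipsec.conf` of both peers and flags the combination described above, where one side leaves `pfs` unset and the other sets `pfs=no`. The function names `pfs_setting` and `check_pair` and the sample configs are constructed for illustration; the parser assumes the usual layout (`conn` headers at column 0, indented `key=value` lines) and does not follow `also=` or `include`.

```shell
#!/bin/sh
# Added example: audit two ipsec.conf files for the pfs unset / pfs=no pairing.

# pfs_setting FILE CONN: print the explicit pfs value for CONN,
# falling back to "conn %default", or "unset" if neither sets it.
pfs_setting() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }                    # comments, blank lines
        /^[^ \t]/ { sect = ($1 == "conn") ? $2 : ""; next }  # section header
        sect == want || sect == "%default" {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (line ~ /^pfs[ \t]*=/) {
                sub(/^pfs[ \t]*=[ \t]*/, "", line)
                sub(/[ \t]+#.*$/, "", line)                  # trailing comment
                sub(/[ \t]+$/, "", line)
                val[sect] = line
            }
        }
        END {
            if (want in val) print val[want]
            else if ("%default" in val) print val["%default"]
            else print "unset"
        }' "$1"
}

# check_pair CONF_A CONN_A CONF_B CONN_B: return 1 on the unset/no combination.
check_pair() {
    a=$(pfs_setting "$1" "$2"); b=$(pfs_setting "$3" "$4")
    echo "$2: pfs=$a   $4: pfs=$b"
    case "$a/$b" in
        unset/no|no/unset)
            echo "WARNING: pfs unset on one side, pfs=no on the other"
            return 1 ;;
    esac
    return 0
}

# Constructed sample configs (documentation addresses, not a real gateway).
tmp=$(mktemp -d)
printf 'conn site-a\n\tleft=192.0.2.1\n\tright=198.51.100.1\n' > "$tmp/a.conf"
printf 'conn site-b\n\tleft=198.51.100.1\n\tright=192.0.2.1\n\tpfs=no\n' > "$tmp/b.conf"
check_pair "$tmp/a.conf" site-a "$tmp/b.conf" site-b || echo "set pfs explicitly on both sides"
rm -rf "$tmp"
```

Setting `pfs` explicitly in every `conn` (or once in `conn %default`) on both gateways makes the check pass regardless of what a configuration front end fills in.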