Note: This archive passes through spamassassin. Every mail marked with the subject "*****SPAM*****" has exceed a certain threshold of spam-like behaviour.

Re: [Users] authby secret and rsasig

From: Henry Spencer (henry_at_spsystems.net)
Date: Wed Jun 19 2002 - 15:48:16 CEST

Next message: Jimmy Hedman: "[Users] Problems with W2k client"
Previous message: Linas Vepstas: "Re: [Users] NAT except for 2 addresses"
In reply to: Andreas Marbet: "[Users] authby secret and rsasig"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On Sun, 16 Jun 2002, Andreas Marbet wrote:
> All connection definitions are road-warriors (0.0.0.0). Everything is
> working well as long as I either use only rsasigs OR secrets, as soon as I
> have both connection types in ipsec.conf, the zywall connection is
> instantiated as a rsasig connection and then of course aborted. rsasig
> connections still work.
> Freeswan doesn't check the ID of the connection first.

FreeS/WAN *doesn't know* the ID of the connection at the time when it has
to make this decision. This is a protocol design defect, not something
that can be fixed by smarter coding.

The bug noted in the docs is not "the software is stupid" but "the config
file lets you specify things that cannot be implemented".

Henry Spencer
henry_at_spsystems.net

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

Next message: Jimmy Hedman: "[Users] Problems with W2k client"
Previous message: Linas Vepstas: "Re: [Users] NAT except for 2 addresses"
In reply to: Andreas Marbet: "[Users] authby secret and rsasig"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:17 CEST