-----Original Message-----
From: "René Gallati" <CAPSsecurityFOR_at_SPAMMERSdraxinusom.ch.freeswan.org>
To: <users_at_lists.freeswan.org>
Sent: Wednesday, 24 July 2002 19:25
Subject: [Users] Freeswan works but some annoyances
[snip]
> in /etc/ipsec.conf (on both sides!) Today for example, the other party
> meddled around with their system, tearing the connections down and building
> them up anew. Of course they don't get deleted on my side since FreeSWAN
> ignores the "Delete SA" message but they still linger around. Eventually
> they time out. This wouldn't be so bad if it wouldn't compromise security
> however. I could observe (with Ethereal) that after that happened, I suddenly
> had "half-open" tunnels around. The other side had its tunnel closed and
> sent me a ping in cleartext while my system replied using an ESP packet. The
> encrypted packet could not be associated with the data stream and got
> discarded on the remote side with the result that I was unable to initiate
> any connection of any kind to the remote side. Until I tore the connection
> down on my end and built it up again.
[snip]
Did you patch your version of freeswan with the notification/delete-patch
from Mathieu Lafon? There is a new version available for freeswan1.98b since
yesterday.
http://open-source.arkoon.net/freeswan/notify_delete-freeswan-1.98b-020724.diff.gz
It works great...
Regards, Adrian
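
The half-open state described in the quoted message (the peer sends cleartext while the local side keeps answering in ESP on a stale SA) can be detected from a capture. The following is an added example, not part of the original thread: it assumes a host-to-host tunnel and simplified, port-less tcpdump-style summary lines, and the addresses, SPIs and the name `find_half_open` are constructed for illustration.

```python
import re
from collections import defaultdict

LOCAL = "192.0.2.10"  # constructed: our IPsec endpoint (documentation address)

# Constructed capture summary: peer 198.51.100.20 drops its SA at 19:05 and
# starts sending cleartext; peer 203.0.113.7 keeps a healthy tunnel.
SAMPLE = """\
19:01:00 IP 198.51.100.20 > 192.0.2.10: ESP(spi=0x1a2b3c4d,seq=0x41)
19:01:00 IP 192.0.2.10 > 198.51.100.20: ESP(spi=0x5e6f7a8b,seq=0x41)
19:05:10 IP 198.51.100.20 > 192.0.2.10: ICMP echo request
19:05:10 IP 192.0.2.10 > 198.51.100.20: ESP(spi=0x5e6f7a8b,seq=0x42)
19:05:11 IP 198.51.100.20 > 192.0.2.10: ICMP echo request
19:05:11 IP 192.0.2.10 > 198.51.100.20: ESP(spi=0x5e6f7a8b,seq=0x43)
19:05:12 IP 203.0.113.7 > 192.0.2.10: ESP(spi=0x0badcafe,seq=0x9)
19:05:12 IP 192.0.2.10 > 203.0.113.7: ESP(spi=0x0c0ffee0,seq=0x9)
"""

# time, source, destination, first protocol token (e.g. ESP, ICMP)
LINE = re.compile(r"^(\S+) IP (\S+) > (\S+): (\w+)")


def find_half_open(text, local=LOCAL, min_clear=2):
    """Return peers that send us cleartext while we still send them ESP."""
    state = defaultdict(lambda: {"clear_in": 0, "esp_out": 0})
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        _, src, dst, proto = m.groups()
        if dst == local:                      # inbound from a peer
            if proto == "ESP":
                # Peer still holds an SA: clear any earlier suspicion.
                state[src] = {"clear_in": 0, "esp_out": 0}
            else:
                state[src]["clear_in"] += 1
        elif src == local and proto == "ESP":  # outbound on our SA
            if state[dst]["clear_in"] > 0:
                # We encrypt towards a peer that has gone cleartext.
                state[dst]["esp_out"] += 1
    return sorted(p for p, s in state.items()
                  if s["clear_in"] >= min_clear and s["esp_out"] >= 1)


if __name__ == "__main__":
    for peer in find_half_open(SAMPLE):
        print(f"possible half-open tunnel with {peer}: stale outbound SA")
```

A flagged peer corresponds to the situation in the quoted message, where the local connection has to be torn down and rebuilt (or the Delete SA notification honoured) before traffic flows again.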