[Ipsec-tools-devel] problems with IKE & exact proposal check

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

When you set proposal_check to exact, and don't specify
a lifebyte, two hosts fail to connect. This appears to
be because the lifebytes in the proposal don't match;
in the case sent over the wire, it's zero, on the local
host, it's IPSECDOI_ATTR_SA_LD_KB_MAX  (#defined to
(~(1 << ((sizeof(int) << 3) - 1)))).

Shouldn't what racoon expects and sends be the same?
Or should the check in proposal.c explicitly check
that the local isn't -1?

Bill