Hi,

Is that switch case in isakmp_cfg required?

Can't we call the phase1 script based on whether iph1->status is established or not?

Just asking why that switch case is required?

On Tue, Sep 4, 2012 at 12:18 PM, Timo Teras <timo.teras@iki.fi> wrote:
Hi,

On Wed, 29 Aug 2012 14:25:17 +0200 Martin Huter <mhuter@barracuda.com>
wrote:

> the phase1 script hook (SCRIPT_PHASE1_UP) is not called for a
> vpn connection using the certificate only authentication method
> (without xauth, OAKLEY_ATTR_AUTH_METHOD_RSASIG). patch attached.

> diff -NaurbB ipsec-tools-0.8.0.orig/src/racoon/isakmp_cfg.c ipsec-tools-0.8.0/src/racoon/isakmp_cfg.c
> --- ipsec-tools-0.8.0.orig/src/racoon/isakmp_cfg.c    2012-08-29 14:19:01.002311264 +0200
> +++ ipsec-tools-0.8.0/src/racoon/isakmp_cfg.c 2012-08-29 14:19:14.260425870 +0200
> @@ -457,6 +457,7 @@
>               case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSASIG_I:
>               case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAENC_I:
>               case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAREV_I:
> +             case OAKLEY_ATTR_AUTH_METHOD_RSASIG:
>                       script_hook(iph1, SCRIPT_PHASE1_UP);
>                       break;
>               default:
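
Review bot: The new label `case OAKLEY_ATTR_AUTH_METHOD_RSASIG:` is the only entry in this list that is neither an XAUTH method nor an `_I` variant, so it needs a comment saying why plain RSASIG should run `script_hook(iph1, SCRIPT_PHASE1_UP)` from this switch while every other non-Xauth method still falls through to `default:`. The diff touches only isakmp_cfg.c, so please also confirm that no other call site already fires SCRIPT_PHASE1_UP for this auth method; if one does, the hook would run twice for the same phase 1.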

Hum, so you use Mode Configuration, but not Xauth?

Your patch does not update the similar switch in isakmp.c, which might
lead to duplicate phase1_up script executions.

However, I'm thinking if the whole switch(authmethod) is bogus and
should be deleted. Then we could just unconditionally postpone the
script launch if Mode Config was used.

-Timo

_______________________________________________
Ipsec-tools-devel mailing list
Ipsec-tools-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ipsec-tools-devel