From: bhargav p <bha...@gm...> - 2012-09-04 07:07:11
Hi,

Is that switch case in isakmp_cfg required? Can't we call the phase1 script based on the status iph1->status established or not? Just asking why that switch case is required?

On Tue, Sep 4, 2012 at 12:18 PM, Timo Teras <tim...@ik...> wrote:
> Hi,
>
> On Wed, 29 Aug 2012 14:25:17 +0200 Martin Huter <mh...@ba...>
> wrote:
>
> > the phase1 script hook (SCRIPT_PHASE1_UP) is not called for a
> > vpn connection using the certificate only authentication method
> > (without xauth, OAKLEY_ATTR_AUTH_METHOD_RSASIG). patch attached.
>
> > diff -NaurbB ipsec-tools-0.8.0.orig/src/racoon/isakmp_cfg.c > ipsec-tools-0.8.0/src/racoon/isakmp_cfg.c > > --- ipsec-tools-0.8.0.orig/src/racoon/isakmp_cfg.c 2012-08-29 > 14:19:01.002311264 +0200 > > +++ ipsec-tools-0.8.0/src/racoon/isakmp_cfg.c 2012-08-29 > 14:19:14.260425870 +0200
> > @@ -457,6 +457,7 @@ > > case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSASIG_I: > > case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAENC_I: > > case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAREV_I: > > + case OAKLEY_ATTR_AUTH_METHOD_RSASIG: > > script_hook(iph1, SCRIPT_PHASE1_UP); > > break; > > default:
>
> Hum, so you use Mode Configuration, but not Xauth?
>
> Your patch does not update the similar switch in isakmp.c, which might
> lead to duplicate phase1_up script executions.
>
> However, I'm thinking if the whole switch(authmethod) is bogus and
> should be deleted. Then we could just unconditionally postpone the
> script launch if Mode Config was used.
>
> -Timo
>
> _______________________________________________
> Ipsec-tools-devel mailing list
> Ips...@li...
> https://lists.sourceforge.net/lists/listinfo/ipsec-tools-devel
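Review bot: the added "case OAKLEY_ATTR_AUTH_METHOD_RSASIG:" label special-cases a single non-Xauth method in a list that otherwise holds only XAUTH_*_I methods, so any other non-Xauth method still lands in "default:", whose body is not visible in this hunk. I would key the script_hook(iph1, SCRIPT_PHASE1_UP) call on the condition that actually matters (Mode Config in use, as the reply suggests) rather than extending the auth-method list one entry at a time, or at minimum add a comment above the switch stating why these methods are the ones that defer the hook to this point. The similar switch in isakmp.c mentioned in the reply needs the matching change in the same patch, otherwise the phase1_up script can run twice for one negotiation.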