[vpn-devel] Always create a NONE policy to a peer

Vytautas Krakauskas vytautas at litnet.lt
Mon Jan 4 08:30:47 CST 2010


Hello everybody,

I have run into a situation with a Cisco ASA and Shrew v2.1.5 where the VPN
gateway is in a split-tunneled network, e.g.:

split-tunnel network: A.B.C.0/24
and the VPN gateway IP: A.B.C.1

The client seems to connect to it but no data can pass and it soon
disconnects (a timeout I guess).

I have tried to solve the problem on my own, and came up with a solution
to always add a NONE policy by setting "tunnel->force_all = true"
(attached a patch against linux source v2.1.5-release).

Now, while it works for me, I am not sure if this is a correct way to fix
the problem. Does anyone know if this could lead to any problems in
other setups? If yes, what would be a correct solution? If no, could
this be added to the source?

Best regards

-- 
Vytautas Krakauskas
LITNET CERT
Phone: +370 37 300645
Email: vytautas at litnet.lt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ike1.patch
Type: text/x-diff
Size: 379 bytes
Desc: not available
URL: <https://lists.shrew.net/pipermail/vpn-devel/attachments/20100104/a997022c/attachment-0002.bin>
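
Added example, not part of the original post or the attached patch: a simplified model of outbound IPsec policy lookup showing how a split-tunnel network that contains the gateway captures traffic to the gateway itself, and how a host-length NONE policy for the peer exempts it. Assumptions: the most specific matching policy wins, 192.0.2.0/24 and 192.0.2.1 are constructed stand-ins for A.B.C.0/24 and A.B.C.1, and all function names are hypothetical rather than Shrew's.

```python
import ipaddress

# Constructed sample values standing in for A.B.C.0/24 and A.B.C.1.
SPLIT = ["192.0.2.0/24"]
GATEWAY = "192.0.2.1"


def gateway_inside_split(split_networks, gateway):
    """True when the peer address falls inside a split-tunnel network."""
    gw = ipaddress.ip_address(gateway)
    return any(gw in ipaddress.ip_network(n) for n in split_networks)


def build_policies(split_networks, gateway, peer_none):
    """Return outbound policies as (network, action) pairs.

    peer_none models the effect described in the post: a NONE
    (bypass) policy for the peer is always installed.
    """
    policies = [(ipaddress.ip_network(n), "IPSEC") for n in split_networks]
    if peer_none:
        # A bare host address parses as a /32 (or /128) network.
        policies.append((ipaddress.ip_network(gateway), "NONE"))
    return policies


def lookup(policies, dst):
    """Action for a destination: most specific match wins (model assumption).

    A destination that matches no policy is sent outside the tunnel.
    """
    addr = ipaddress.ip_address(dst)
    matches = [(net.prefixlen, action) for net, action in policies if addr in net]
    return max(matches)[1] if matches else "NONE"


if __name__ == "__main__":
    for peer_none in (False, True):
        spd = build_policies(SPLIT, GATEWAY, peer_none)
        print(f"peer NONE policy={peer_none}: "
              f"gateway -> {lookup(spd, GATEWAY)}, "
              f"other host in split net -> {lookup(spd, '192.0.2.50')}")
```

In this model the tunnel's own transport packets to the gateway select the IPSEC policy unless the NONE entry is present, while other hosts in the split network are still tunnelled either way.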
