[vpn-devel] Always create a NONE policy to a peer
Matthew Grooms
mgrooms at shrew.net
Tue Jan 5 22:52:42 CST 2010
On 1/4/2010 8:30 AM, Vytautas Krakauskas wrote:
> Hello everybody,
>
> I have run into a situation with a Cisco ASA and Shrew v2.1.5 where the VPN
> gateway is in a split-tunneled network, e.g.:
>
> split-tunnel network: A.B.C.0/24
> and the VPN gateway IP: A.B.C.1
>
> The client seems to connect to it but no data can pass and it soon
> disconnects (a timeout I guess).
>
> I have tried to solve the problem on my own, and came up with a solution
> to always add a NONE policy by setting "tunnel->force_all = true"
> (attached a patch against linux source v2.1.5-release).
>
> Now while it works for me, I am not sure if this is a correct way to fix
> the problem. Does anyone know if this could lead to any problems in
> other setups? If yes, what would be a correct solution? If no, could
> this be added to the source?
>

Hi Vytautas,

Thanks for both the bug report and the patch. This problem was fixed
just a few weeks ago in both the head and the 2.1 maintenance branch.
The changes were included in the 2.1.6 beta 2 build. Please see the
changelog for more details ...

http://www.shrew.net/download/changelog/ike/2.1.6-beta-2

Thanks again,

-Matthew