[vpn-devel] Bug and Patch: 'auto' for phase1 DH resets in Linux ikea

Michael Kenny kennym79web at gmail.com
Fri Sep 3 01:36:01 CDT 2010


Matthew -

I've attached an example. Under Phase 1, the DH Exchange should be auto, but
in the unpatched version it reverts to group 1. And of course if you change
the DH Exchange back to auto and save and bring up the properties again, it
goes back to group 1.

Hope that helps!

- michael


On Thu, Sep 2, 2010 at 9:51 PM, Matthew Grooms <mgrooms at shrew.net> wrote:

> On 9/2/2010 4:33 PM, Michael Kenny wrote:
>
>> I've just recently started using the Shrew Soft VPN Client for Linux and
>> have discovered that it's possibly the best IPSEC client out there. I've
>> been tweaking it a little for my own use and found a couple of minor
>> issues that I think I can help with.
>>
>> When using main rather than aggressive for phase 1, I noted that every
>> time I came back, my DH exchange kept getting changed back to group 1.
>> It's the same behaviour as a bug fixed between 2.1.5 and 2.1.6 with the
>> ASN.1 DN for Local Identity reset to FQDN
>> I've attached a quick fix, but you guys might have a better/cleaner way
>> to do it. I just moved the code for setting the DH group below the
>> function call that resets the combo box.
>>
>>
> Hi Michael,
>
> Thanks again for submitting this patch. Unfortunately, I can't seem to
> reproduce this behavior by setting the exchange mode to main and then
> reloading the site configuration dialog. Can you provide me with a vpn
> export file ( IP and PW sanitized of course ) to test this issue with?
>
> Thanks,
>
> -Matthew
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.shrew.net/pipermail/vpn-devel/attachments/20100903/839d06f9/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: main-dh-auto
Type: application/octet-stream
Size: 962 bytes
Desc: not available
URL: <https://lists.shrew.net/pipermail/vpn-devel/attachments/20100903/839d06f9/attachment-0003.obj>


More information about the vpn-devel mailing list