[Vpn-help] Fix for faulty remote ID checking ...
Matthew Grooms
mgrooms at shrew.net
Fri Sep 15 18:14:49 CDT 2006
Peter Eisch wrote:
> On 9/15/06 12:24 PM, "Matthew Grooms" <mgrooms at shrew.net> wrote:
>
>>> It would seem to me that the client should make some effort to auth the
>>> server given the policy. Oddly I like the behavior, but it doesn't seem
>>> to make any sense or could be seen to be a security hole.
>>>
>>> Bewildered,
>>>
Peter,
Well, that wasn't fun. I ran out of state bits so I had to split the
life and transmit state into two bit masks. This meant I had to touch
every state set/check in ipsecd. Anyhow, here is the result ...
------------------------------------------------------------------------
r635 | mgrooms | 2006-09-15 16:10:41 +0000 (Fri, 15 Sep 2006) | 3 lines
Split the SA state flags into life stat and transmit state flags. We ran
out of bit flags.
Rework the peer identity check code. Match the ID values and optionally
send a notification when a failure occurs.
------------------------------------------------------------------------
http://www.shrew.net/vpn/vpn-client-1.1-beta-4.exe
All,
If everyone likes this build, it will get tagged as RC1. After which, I
will be blazing a trail towards a stable 2.0 which will be an immense
improvement with respect to the kernel driver architecture.
If you have the time, please help test!
Thanks,
-Matthew
More information about the vpn-help
mailing list