[Bug 1451091] Re: new upstream version 5.2.2
Bruno Thomsen
bth at kamstrup.dk
Fri Jun 26 09:55:46 UTC 2015
The current version of Strongswan (5.1.2) does not work with newer versions of pfSense (Strongswan 5.3.2 based).
When using IPsec IKEv2/PSK the identity type is now prefixed leftid and rightid for better matching.
The change requires at least Strongswan 5.2.2 but newest upstream is 5.3.2.
Source: https://wiki.strongswan.org/projects/strongswan/wiki/ConnSection
left|rightid = <id>
Since 5.2.2 it is possible to enforce a specific identity type. For this a prefix may be used, followed by a colon (:).
If the number sign (#) follows the colon, the remaining data is interpreted as hex encoding, otherwise the string is used as-is
as the identification data. Note that this implies that no conversion is performed for non-string identities.
For example, ipv4:10.0.0.1 does not create a valid ID_IPV4_ADDR IKE identity, as it does not get converted to binary
0x0a000001. Instead, one could use ipv4:#0a000001 to get a valid identity, but just using the implicit type with automatic
conversion is usually simpler. The same applies to the ASN.1 encoded types.
The following prefixes are known: ipv4, ipv6, rfc822, email, userfqdn, fqdn, dns, asn1dn, asn1gn and keyid.
Custom type prefixes may be specified by surrounding the numerical type value with curly brackets.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to strongswan in Ubuntu.
https://bugs.launchpad.net/bugs/1451091
Title:
new upstream version 5.2.2
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1451091/+subscriptions
More information about the Ubuntu-server-bugs
mailing list