Tim Stewart writes:
> On 3/30/19 3:11 PM, Tobias Heider wrote:
>> Hi Stuart,
>>
>> I'm glad to see people are using this.
>> There's some smaller fixes that I haven't sent to the list yet, so
>> probably I'll send an updated diff on Monday.
On 3/30/19 3:11 PM, Tobias Heider wrote:
Hi Stuart,
I'm glad to see people are using this.
There's some smaller fixes that I haven't sent to the list yet, so
probably I'll send an updated diff on Monday.
I plan to start using this patch this week, likely as soon as you send
the updated diff.
Hello tech@,
Here is a small initial patch related to message fragmentation.
ikev2_msg_decrypt() claims to strip the padding from the decrypted IKE
payloads, but actually leaves it tacked on the end of the returned ibuf.
This is fine in the unfragmented case since the inner payloads have
thei
on such work. If not, perhaps someone that is familiar with the code
could suggest an approach at a high level?
Thanks for any advice,
-TimS
[1] Whenever I've asked, the reason is usually something about DDoS
prevention.
--
Tim Stewart
---
Mail: t...@stoo.org
M
Patrick Wildt writes:
> On Mon, Nov 27, 2017 at 06:12:22PM +0100, Patrick Wildt wrote:
>> On Mon, Nov 27, 2017 at 04:21:08PM +0100, Patrick Wildt wrote:
>> > On Wed, Nov 22, 2017 at 05:26:24PM +0100, Patrick Wildt wrote:
>> > > On 2017/06/25 21:44, Tim Stewart wrot
Apologies for disappearing for a while. I was moving across town and I
had to drop many things!
Stuart Henderson writes:
> On 2017/06/25 21:44, Tim Stewart wrote:
>> Hi,
>>
>> In this message I've tried to encode everything I've done to allow
>> stron
Stuart Henderson writes:
> On 2017/10/21 14:52, Tim Stewart wrote:
>> Stuart Henderson writes:
>>
>> > On 2017/10/21 12:04, Tim Stewart wrote:
>> >> *49727 296965 0 0 7 0x14200crynlk
>> >
>> > aha, it was
Stuart Henderson writes:
> On 2017/10/21 12:04, Tim Stewart wrote:
>> *49727 296965 0 0 7 0x14200crynlk
>
> aha, it was that one. Try this diff on top.
>
> Index: fpu.c
> ===
Stuart Henderson writes:
> On 2017/10/21 10:33, Tim Stewart wrote:
>> I don't have much experience with capturing OpenBSD kernel panics. I've
>> set up screen on another system so that I'll have a log of serial
>> console activity (this is an apu2c4) and hav
Tim Stewart writes:
> Martin Pieuchot writes:
>
>> On 11/10/17(Wed) 17:01, Martin Pieuchot wrote:
>>> OpenBSD 6.2 includes nice performance and latency improvements due to
>>> the work done in the Network Stack in the previous years. However as
>>> soon a
up to
capture crash information, and there are no dumps in /var/crash/.
I don't have much experience with capturing OpenBSD kernel panics. I've
set up screen on another system so that I'll have a log of serial
console activity (this is an apu2c4) and have set ddb.consol
Is there anything I can do to help? Meanwhile, I'll be watching this
space for more patches.
-TimS
--
Tim Stewart
---
Mail: t...@stoo.org
Matrix: @tim:stoo.org
viq writes:
> On 17-07-18 23:20:26, Tim Stewart wrote:
>> viq writes:
>>
>> > On 17-06-25 21:44:24, Tim Stewart wrote:
>> >> Hi,
>> >>
>> >> In this message I've tried to encode everything I've done to allow
>> >>
viq writes:
> On 17-06-25 21:44:24, Tim Stewart wrote:
>> Hi,
>>
>> In this message I've tried to encode everything I've done to allow
>> strongSwan on Android to connect with iked, including the latest patch.
>> I have also verified that it breaks
s.
Stuart Henderson writes:
> On 2017/05/22 01:52, Tim Stewart wrote:
>> Hello again,
>>
>> Tim Stewart writes:
>>
>> > Tim Stewart writes:
>> >
>> >> This patch teaches iked to reject a KE with a Notify payload of type
>> >>
Tim Stewart writes:
> A sample configuration:
>
> ikev2 "win10host" passive esp \
>     from 0.0.0.0/0 to 10.1.1.51 \
>     local any peer any \
>     ikesa auth hmac-sha2-384 enc aes-256 prf hmac-sha2-384 group modp2048 \
>     childsa enc aes-256-gcm group modp2048 \
>
Hello again,
Tim Stewart writes:
> Tim Stewart writes:
>
>> This patch teaches iked to reject a KE with a Notify payload of type
>> INVALID_KE_PAYLOAD when the KE uses a different Diffie-Hellman group
>> than is configured locally. The rejection indicates the desir
Tim Stewart writes:
> This patch teaches iked to reject a KE with a Notify payload of type
> INVALID_KE_PAYLOAD when the KE uses a different Diffie-Hellman group
> than is configured locally. The rejection indicates the desired
> group.
>
> In my environment, this patch allow
Here is a version of the previous patch that preserves tabs properly.
Apologies.
-TimS
Index: parse.y
===
RCS file: /cvs/src/sbin/iked/parse.y,v
retrieving revision 1.65
diff -u -p -r1.65 parse.y
--- parse.y 24 Apr 2017 07:07:25
This patch teaches iked to reject a KE with a Notify payload of type
INVALID_KE_PAYLOAD when the KE uses a different Diffie-Hellman group
than is configured locally. The rejection indicates the desired group.
In my environment, this patch allows stock strongSwan on Android from
the Google Play st
A sample configuration:
ikev2 "win10host" passive esp \
    from 0.0.0.0/0 to 10.1.1.51 \
    local any peer any \
    ikesa auth hmac-sha2-384 enc aes-256 prf hmac-sha2-384 group modp2048 \
    childsa enc aes-256-gcm group modp2048 \
    srcid "/C=US/ST=New York/L=NYC/O=Stoo Labs/OU=iked/CN=foo.stoo.org"