[oe-commits] [meta-openembedded] 31/34: vpnc: Reduce lifetime value to widely-compatible value

git at git.openembedded.org git at git.openembedded.org
Sat Sep 2 06:49:59 UTC 2017


This is an automated email from the git hooks/post-receive script.

martin_jansa pushed a commit to branch master-next
in repository meta-openembedded.

commit 016087498966557c37b5e1a76d25b0132f582661
Author: Will Page <Will.Page at ni.com>
AuthorDate: Fri Sep 1 18:54:55 2017 +0300

    vpnc: Reduce lifetime value to widely-compatible value
    
    Current proposed lifetime value (2147483 seconds, which equates to
    MAXINT ms, or ~25 days) is rejected by Fortigate vpn devices because
    "peer SA proposal does not match local policy".  It seems default
    policy for these devices constrains lifetime where similar VPN devices
    don't.
    
    Reducing the lifetime from its current value to 28800 (exactly 8 hours)
    causes it to start working with fortigate devices.
    
    Signed-off-by: Will Page <Will.Page at ni.com>
    Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu at ni.com>
    Signed-off-by: Martin Jansa <Martin.Jansa at gmail.com>
---
 .../vpnc/vpnc/0009-reduce-lifetime-value.patch     | 42 ++++++++++++++++++++++
 .../recipes-connectivity/vpnc/vpnc_0.5.3.bb        |  1 +
 2 files changed, 43 insertions(+)

diff --git a/meta-networking/recipes-connectivity/vpnc/vpnc/0009-reduce-lifetime-value.patch b/meta-networking/recipes-connectivity/vpnc/vpnc/0009-reduce-lifetime-value.patch
new file mode 100644
index 0000000..2bed550
--- /dev/null
+++ b/meta-networking/recipes-connectivity/vpnc/vpnc/0009-reduce-lifetime-value.patch
@@ -0,0 +1,42 @@
+From 39925f090c21ab571ebc6ec250696f7f7093a2a6 Mon Sep 17 00:00:00 2001
+From: Will Page <Will.Page at ni.com>
+Date: Wed, 30 Aug 2017 18:14:00 -0700
+Subject: [PATCH 1/1] Reduce lifetime value to widely-compatible value
+
+Current proposed lifetime value (2147483 seconds, which equates to
+MAXINT ms, or ~25 days) is rejected by Fortigate vpn devices because
+"peer SA proposal does not match local policy".  It seems default
+policy for these devices constrains lifetime where similar VPN devices
+don't.
+
+Reducing the lifetime from its current value to 28800 (exactly 8 hours)
+causes it to start working with fortigate devices.
+---
+ vpnc.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/vpnc.c b/vpnc.c
+index 36dd0f3..3e0fcba 100644
+--- a/vpnc.c
++++ b/vpnc.c
+@@ -1135,7 +1135,7 @@ static struct isakmp_attribute *make_transform_ike(int dh_group, int crypt, int
+ 	a->af = isakmp_attr_lots;
+ 	a->u.lots.length = 4;
+ 	a->u.lots.data = xallocc(a->u.lots.length);
+-	*((uint32_t *) a->u.lots.data) = htonl(2147483);
++	*((uint32_t *) a->u.lots.data) = htonl(28800);
+ 	a = new_isakmp_attribute_16(IKE_ATTRIB_LIFE_TYPE, IKE_LIFE_TYPE_SECONDS, a);
+ 	a = new_isakmp_attribute_16(IKE_ATTRIB_AUTH_METHOD, auth, a);
+ 	a = new_isakmp_attribute_16(IKE_ATTRIB_GROUP_DESC, dh_group, a);
+@@ -2561,7 +2561,7 @@ static struct isakmp_attribute *make_transform_ipsec(struct sa_block *s, int dh_
+ 	a->af = isakmp_attr_lots;
+ 	a->u.lots.length = 4;
+ 	a->u.lots.data = xallocc(a->u.lots.length);
+-	*((uint32_t *) a->u.lots.data) = htonl(2147483);
++	*((uint32_t *) a->u.lots.data) = htonl(28800);
+ 	a = new_isakmp_attribute_16(ISAKMP_IPSEC_ATTRIB_SA_LIFE_TYPE, IPSEC_LIFE_SECONDS, a);
+ 
+ 	if (dh_group)
+-- 
+2.7.4
+
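Review bot: The header of the new 0009-reduce-lifetime-value.patch (the lines from "From 39925f0..." down to the "---" above "vpnc.c | 4 ++--") has no "Upstream-Status:" line and no "Signed-off-by:" line. OpenEmbedded expects both on patches carried by a recipe, so please add them; the Signed-off-by tags currently appear only in the outer commit message. In the vpnc.c hunks, the literal 28800 is written twice, once in make_transform_ike and once in make_transform_ipsec. A single named constant, or a configuration option, would keep the phase 1 and phase 2 proposals in step and make later adjustment for other peers a one-line change. It would also help to state in the patch description that the same lifetime is deliberately proposed for both the IKE SA and the IPsec SA.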
diff --git a/meta-networking/recipes-connectivity/vpnc/vpnc_0.5.3.bb b/meta-networking/recipes-connectivity/vpnc/vpnc_0.5.3.bb
index 6f92acd..ea21799 100644
--- a/meta-networking/recipes-connectivity/vpnc/vpnc_0.5.3.bb
+++ b/meta-networking/recipes-connectivity/vpnc/vpnc_0.5.3.bb
@@ -20,6 +20,7 @@ SRC_URI = "git://github.com/ndpgroup/vpnc \
            file://0006-sysdep-Add-header-include-sequence-to-adjust-for-mus.patch \
            file://0007-add-error-API-when-error.h-is-not-on-platform.patch \
            file://0008-include-sysdep.h-before-net-if_tun.h.patch \
+           file://0009-reduce-lifetime-value.patch \
            "
 
 PACKAGECONFIG ?= "gnutls"
