Mitja Mu>enih wrote:
It is not a problem within isakmpd, it will accept IPV4_ADDR_SUBNET of size /32. As I already explained to you in a private mail, ipsecctl will export both 192.168.1.249 and 192.168.1.249/32 into IPV4_ADDR=192.168.1.249 while your windows client is sending IPV4_ADDR_SUBNET for 192.168.1.249/32, and this will not match.
Does NCP client violate some RFC by sending IPV4_ADDR_SUBNET for 192.168.1.249/32 ?
I have looked into changing this ipsecctl's behaviour but I can't find a clean way to do it.
Thats fine. AFAICS most IPsec installations will work on "real" subnets, so probably it is not so important. I stumbled over this just in an evaluation environment. Many thanx to all Harri
