Description
Spin off from 6314433...
ikeadm and in.iked should disallow the addition of two preshared key definitions with the same constraints, so as to avoid confusion by the del/get subcommands of ikeadm...
i.e. if we had 2 different keys with the same parameters:
{
localidtype IP
localid 10.8.20.32
remoteidtype IP
remoteid 10.8.20.31
key deaddeaddeaddeaddeaddead
}
{
localidtype IP
localid 10.8.20.32
remoteidtype IP
remoteid 10.8.20.31
key beefbeefbeefbeefbeefbeef
}
You get behavior like this:
# ikeadm
ikeadm> get preshared 10.8.20.32 10.8.20.31
PSKEY: For <unspecified> exchanges
PSKEY: Pre-shared key (12 bytes): deaddeaddeaddeaddeaddead/96
LOCIP: Address:
LOCIP: AF_INET: port 0, 10.8.20.32 (netrabarn).
REMIP: Address:
REMIP: AF_INET: port 0, 10.8.20.31 (biero).
ikeadm> get preshared 10.8.20.32 10.8.20.31
PSKEY: For <unspecified> exchanges
PSKEY: Pre-shared key (12 bytes): deaddeaddeaddeaddeaddead/96
LOCIP: Address:
LOCIP: AF_INET: port 0, 10.8.20.32 (netrabarn).
REMIP: Address:
REMIP: AF_INET: port 0, 10.8.20.31 (biero).
ikeadm> del preshared 10.8.20.32 10.8.20.31
ikeadm: Successfully deleted selected preshared key.
ikeadm> get preshared 10.8.20.32 10.8.20.31
PSKEY: For <unspecified> exchanges
PSKEY: Pre-shared key (12 bytes): beefbeefbeefbeefbeefbeef/96
LOCIP: Address:
LOCIP: AF_INET: port 0, 10.8.20.32 (netrabarn).
REMIP: Address:
REMIP: AF_INET: port 0, 10.8.20.31 (biero).
ikeadm> del preshared 10.8.20.32 10.8.20.31
ikeadm: Successfully deleted selected preshared key.
ikeadm> get preshared 10.8.20.32 10.8.20.31
ikeadm: Could not find requested preshared key.
ikeadm> quit
#
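
A way to audit a preshared key file for the condition described above, as an added example that is not part of the original report or of the Solaris code. The function names are hypothetical, the third sample entry is constructed, and the parser assumes whitespace-separated keyword/value pairs inside { } blocks, '#' comments, and exact string comparison of the four identity fields.

```python
import re
from collections import defaultdict

# The identity fields that make two entries "the same" in the report.
SELECTORS = ("localidtype", "localid", "remoteidtype", "remoteid")
TOKEN = re.compile(r'[{}]|"[^"]*"|[^\s{}]+')

# Constructed sample: the report's two entries plus one distinct peer.
ENTRY = "{\nlocalidtype IP\nlocalid %s\nremoteidtype IP\nremoteid %s\nkey %s\n}\n"
SAMPLE = (ENTRY % ("10.8.20.32", "10.8.20.31", "deaddeaddeaddeaddeaddead")
          + ENTRY % ("10.8.20.32", "10.8.20.31", "beefbeefbeefbeefbeefbeef")
          + ENTRY % ("10.8.20.32", "10.8.20.99", "0123456789abcdef01234567"))

def parse_entries(text):
    """Return one dict per { ... } block (assumed: '#' starts a comment)."""
    tokens = iter(TOKEN.findall(re.sub(r"#[^\n]*", "", text)))
    entries, current = [], None
    for tok in tokens:
        if tok == "{" and current is None:
            current = {}
        elif tok == "}" and current is not None:
            entries.append(current)
            current = None
        elif tok in ("{", "}") or current is None:
            raise ValueError(f"unexpected {tok!r}")
        else:
            value = next(tokens, "}")
            if value in ("{", "}"):
                raise ValueError(f"keyword {tok!r} has no value")
            current[tok.lower()] = value.strip('"')
    if current is not None:
        raise ValueError("unterminated '{' block")
    return entries

def find_duplicates(entries):
    """Map selector tuple -> 1-based entry numbers, for tuples used twice."""
    groups = defaultdict(list)
    for number, entry in enumerate(entries, start=1):
        groups[tuple(entry.get(s) for s in SELECTORS)].append(number)
    return {sel: nums for sel, nums in groups.items() if len(nums) > 1}

if __name__ == "__main__":
    # Key material is deliberately never printed.
    for sel, nums in find_duplicates(parse_entries(SAMPLE)).items():
        print("entries", nums, "share selectors", sel)
```

Running the check before a file is loaded catches the ambiguity that get and del cannot resolve once both entries are present.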