[Swan-dev] strongswan interop tests
Paul Wouters
paul at nohats.ca
Thu Oct 30 05:12:10 EET 2014
I see the following intermittent changes in strongswan tests:
--- ./east.console.txt 2014-10-19 19:01:15.974509619 -0400
+++ OUTPUT/east.console.txt 2014-10-29 19:34:16.319472120 -0400
@@ -29,7 +29,7 @@
east #
if [ -f /var/run/charon.pid ]; then strongswan status ; fi
Security Associations (1 up, 0 connecting):
-westnet-eastnet-ikev1[1]: ESTABLISHED XXX seconds ago, 192.1.2.23[east]...192.1.2.45[west]
+westnet-eastnet-ikev1[2]: ESTABLISHED XXX seconds ago, 192.1.2.23[east]...192.1.2.45[west]
westnet-eastnet-ikev1{1}: INSTALLED, TUNNEL, ESP SPIs: SPISPI_i SPISPI_o
westnet-eastnet-ikev1{1}: 192.0.2.0/24 === 192.0.1.0/24
east #
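Review bot: the only changed line is the bracketed index on the "westnet-eastnet-ikev1[...]: ESTABLISHED" line (1 to 2); the "{1}" on the INSTALLED and subnet lines below it is identical on both sides. That same output already has its run-dependent fields masked ("XXX seconds", "SPISPI_i SPISPI_o"), so masking the bracketed index in the same way would make the comparison stable without regenerating the reference output.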
Sometimes the number is [1], sometimes [2] and I've also seen [3].
Rerunning it a few times will get it back to [1]. I am not sure what the
number means, so I did not yet want to write a sanitizer for it.
Another difference I see is that some tests removed sending a CERTREQ,
but others added one. This shows up as:
-- ./west.console.txt 2014-10-03 00:00:05.045878037 -0400
+++ OUTPUT/west.console.txt 2014-10-29 19:45:26.958131741 -0400
@@ -53,9 +53,10 @@
sending packet: from 192.1.2.45[500] to 192.1.2.23[500] (XXX bytes)
received packet: from 192.1.2.23[500] to 192.1.2.45[500] (XXX bytes)
parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
+sending cert request for "C=ca, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test EC CA, E=testing at libreswan.org"
authentication of 'west' (myself) with pre-shared key
establishing CHILD_SA westnet-eastnet-ikev2
-generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) N(EAP_ONLY) ]
+generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CERTREQ IDr AUTH SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) N(EAP_ONLY) ]
sending packet: from 192.1.2.45[4500] to 192.1.2.23[4500] (XXX bytes)
received packet: from 192.1.2.23[4500] to 192.1.2.45[4500] (XXX bytes)
parsed IKE_AUTH response 1 [ IDr AUTH SA TSi TSr ]
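Review bot: the added "sending cert request" line and the CERTREQ payload in the IKE_AUTH request appear in an exchange that the next context line shows authenticating "with pre-shared key", and the parsed IKE_AUTH response still carries no CERT payload. Before this becomes reference output, the test description should record why west sends a request for the "Libreswan test EC CA" in a PSK test, or the cert request line should be filtered, so the expected output does not depend on which CA certificates are present on the host.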
I understand the new additions of CERTREQ, not sure why a few test cases
remove those.....
Then we see:
--- ./road.console.txt 2014-07-07 13:14:14.034567484 -0400
+++ OUTPUT/road.console.txt 2014-10-29 19:58:06.324979396 -0400
@@ -4,15 +4,15 @@
Starting strongSwan X.X.X IPsec [starter]...
Loading config setup
Loading conn 'road-eastnet-ikev2'
+ authby=secret
+ auto=add
+ keyexchange=ikev2
left=%defaultroute
leftid=@road
+ leftsubnet=192.1.3.209/32
right=192.1.2.23
rightid=@east
rightsubnet=192.0.2.0/24
- leftsubnet=192.1.3.209/32
- authby=secret
- keyexchange=ikev2
- auto=add
found netkey IPsec stack
road #
echo "initdone"
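Review bot: the four "+" lines and the four "-" lines carry the same key=value pairs (authby, auto, keyexchange, leftsubnet), so this hunk is a pure reordering of the options under "Loading conn 'road-eastnet-ikev2'", with the new order alphabetical. Comparing that block order-insensitively, for example by sorting the option lines before the diff, would keep one reference output valid for both orderings.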
These seem related to the version of strongswan. I don't see these
flipping between runs.
I've made some minor init/run.sh fixes, and updated the reference
output. I committed this in a new branch "ssw521".
Note I tested these runs on three different machines (laptop, desktop
and swantest). All three systems exhibit the same behaviour.
Paul
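
A sketch of the sanitizer the message holds off on, added here as an example and not part of the original post or of the libreswan test suite: it masks the bracketed index on ESTABLISHED lines and sorts each conn's option lines, so output like the first and third diffs compares equal. It assumes the bracketed number is a run-dependent IKE_SA counter; the function name and the sample strings are constructed for illustration.

```python
import re

# Assumption: "[N]" on an ESTABLISHED line is a counter that depends on how
# many IKE_SAs the daemon created earlier, not on the outcome of the test.
IKE_SA_LINE = re.compile(r"^(\S+)\[\d+\](: ESTABLISHED\b)")
CONN_HEADER = re.compile(r"^Loading conn '")
OPTION_LINE = re.compile(r"^\s*\w+=")


def sanitize(text):
    """Mask the IKE_SA index and sort the option lines of each conn block."""
    out, block, in_conn = [], [], False
    for line in text.splitlines():
        if in_conn and OPTION_LINE.match(line):
            block.append(line)  # collect options until the block ends
            continue
        out.extend(sorted(block, key=str.strip))
        block = []
        in_conn = bool(CONN_HEADER.match(line))
        # The "{1}" on INSTALLED lines is left alone: it did not vary.
        out.append(IKE_SA_LINE.sub(r"\1[N]\2", line))
    out.extend(sorted(block, key=str.strip))
    return "\n".join(out)


# Constructed samples, assembled from lines quoted in the message above.
OLD_RUN = """Loading conn 'road-eastnet-ikev2'
  left=%defaultroute
  leftid=@road
  leftsubnet=192.1.3.209/32
  authby=secret
  auto=add
found netkey IPsec stack
westnet-eastnet-ikev1[1]: ESTABLISHED XXX seconds ago, 192.1.2.23[east]...192.1.2.45[west]
westnet-eastnet-ikev1{1}: INSTALLED, TUNNEL, ESP SPIs: SPISPI_i SPISPI_o"""

NEW_RUN = """Loading conn 'road-eastnet-ikev2'
  authby=secret
  auto=add
  left=%defaultroute
  leftid=@road
  leftsubnet=192.1.3.209/32
found netkey IPsec stack
westnet-eastnet-ikev1[2]: ESTABLISHED XXX seconds ago, 192.1.2.23[east]...192.1.2.45[west]
westnet-eastnet-ikev1{1}: INSTALLED, TUNNEL, ESP SPIs: SPISPI_i SPISPI_o"""
```

Both the reference file and the fresh console output have to pass through the same function before they are diffed.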