[Swan-dev] interop-ikev2-racoon-02-psk-responder test

Paul Wouters paul at nohats.ca
Sun Aug 30 21:40:28 EEST 2015


On Sun, 30 Aug 2015, D. Hugh Redelmeier wrote:

> Subject: [Swan-dev] interop-ikev2-racoon-02-psk-responder test
> 
> I just ran the test suite to test some changes before committing them.
> The only regression (i.e. the only test that passed yesterday but failed
> today) is interop-ikev2-racoon-02-psk-responder.
>
> It fails with this message in the console log:
> +002 "westnet-eastnet-ikev2" #2: invalid padding-length octet: 0x23
>
> I think that this is an oblique way of saying that the encrypted payload
> smells bad and will be rejected.  If so, it isn't really user-friendly.

This message appeared a long time ago when Andrew redid our CBC-only
crypto to CBC/CTR/GCM. We could never figure out why racoon did this. As
other interop tests with strongSwan worked fine. I think this might be a
bug in racoon2. No one is really using or developing racoon2 AFAIK. In
fact, racoon1 (aka ipsec-tools) sees more development still, but has no
IKEv2 support.

Paul
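
The following is an added illustration, not part of the thread and not libreswan or racoon2 code. It shows the Pad Length check that RFC 7296 section 3.14 implies for a decrypted IKEv2 Encrypted (SK) payload under a CBC cipher, and why garbage plaintext usually surfaces as a pad-length error like the one quoted above. The function names, the sample buffers and the 32-octet plaintext size are assumptions made for the example.

```python
# Added illustration; constructed data, not taken from the failing test run.
# Decrypted SK payload layout (RFC 7296 section 3.14):
#   inner payloads | Padding | Pad Length (1 octet)

class PaddingError(ValueError):
    """Raised when the trailing Pad Length octet cannot be valid."""

def strip_sk_padding(plaintext: bytes, block_size: int) -> bytes:
    """Validate the Pad Length octet and return the inner payloads."""
    if not plaintext or len(plaintext) % block_size:
        raise PaddingError("plaintext is not a whole number of cipher blocks")
    pad_len = plaintext[-1]
    # Padding plus the Pad Length octet itself must fit in the plaintext.
    # Any length that fits is accepted; minimal padding is not required.
    if pad_len + 1 > len(plaintext):
        raise PaddingError("invalid padding-length octet: 0x%02x" % pad_len)
    return plaintext[:len(plaintext) - pad_len - 1]

def accepted_final_octets(plaintext_len: int) -> int:
    """Count the final-octet values (0..255) that pass the length check."""
    return min(plaintext_len, 256)

BLOCK = 16                                  # AES-CBC block size
inner = bytes(range(0x40, 0x40 + 27))       # 27 octets of stand-in payload data
GOOD = inner + bytes(4) + bytes([4])        # 27 + 4 padding + 1 = 32 octets
GARBAGE = bytes(31) + bytes([0x23])         # 32 octets ending in 0x23 (35)
LUCKY = bytes(31) + bytes([0x05])           # garbage whose last octet happens to fit

if __name__ == "__main__":
    print(len(strip_sk_padding(GOOD, BLOCK)), "inner octets recovered")
    try:
        strip_sk_padding(GARBAGE, BLOCK)
    except PaddingError as err:
        print("rejected:", err)
    # The check is structural only: garbage with a small final octet passes,
    # so the integrity checksum, not the padding, is what authenticates.
    print(len(strip_sk_padding(LUCKY, BLOCK)), "octets accepted from garbage")
    ok = accepted_final_octets(32)
    print("%d of 256 final octets pass for a 32-octet plaintext" % ok)
```

For a 32-octet plaintext only 32 of the 256 possible final octets pass, so a decryption that yields effectively random bytes is reported as a bad padding-length octet most of the time.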

