[Swan-dev] new test failures
Paul Wouters
paul at nohats.ca
Wed Jul 13 20:58:29 UTC 2016
On Wed, 13 Jul 2016, D. Hugh Redelmeier wrote:
> There were some new failures that should be looked at. Perhaps the
> reference logs are wrong.
>
>
> --- MASTER/nflog-02-conn/west.console.txt
> +++ OUTPUT/nflog-02-conn/west.console.txt
> @@ -85,11 +85,11 @@
> 64 bytes from 192.0.2.254: icmp_seq=2 ttl=64 time=0.XXX ms
> 64 bytes from 192.0.2.254: icmp_seq=3 ttl=64 time=0.XXX ms
> 64 bytes from 192.0.2.254: icmp_seq=4 ttl=64 time=0.XXX ms
> -8 packets captured
> -8 packets received by filter
> -0 packets dropped by kernel
> 64 bytes from 192.0.2.254: icmp_seq=5 ttl=64 time=0.XXX ms
> --- 192.0.2.254 ping statistics ---
> +10 packets captured
> +10 packets received by filter
> +0 packets dropped by kernel
> 5 packets transmitted, 5 received, 0% packet loss, time XXXX
I see this change too. Seems timing related?
> --- MASTER/interop-ikev1-strongswan-12-esp-sha2_256/west.console.txt
> +++ OUTPUT/interop-ikev1-strongswan-12-esp-sha2_256/west.console.txt
> @@ -98,9 +98,9 @@
> Security Associations (1 up, 0 connecting):
> westnet-eastnet-ikev1[1]: ESTABLISHED XXX seconds ago, 192.1.2.45[west]...192.1.2.23[east]
> westnet-eastnet-ikev1[1]: IKEv1 SPIs: SPISPI_i* SPISPI_r, pre-shared key reauthentication in 2 hours
> -westnet-eastnet-ikev1[1]: IKE proposal: AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072
> +westnet-eastnet-ikev1[1]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
> westnet-eastnet-ikev1{1}: INSTALLED, TUNNEL, reqid 1, ESP SPIs: SPISPI_i SPISPI_o
> -westnet-eastnet-ikev1{1}: AES_CBC_128/HMAC_SHA2_256_128/MODP_1536, XXX bytes_i (4 pkts, XXs ago), XXX bytes_o (4 pkts, !
> +westnet-eastnet-ikev1{1}: AES_CBC_128/HMAC_SHA2_256_128, XXX bytes_i (4 pkts, XXs ago), XXX bytes_o (4 pkts, XXs ago), !
> westnet-eastnet-ikev1{1}: 192.0.1.0/24 === 192.0.2.0/24
sha1 instead of sha256? Could it be an older strongswan?
I cannot reproduce it with strongswan 5.4.0
> --- MASTER/interop-ikev1-strongswan-13-esp-sha2_512/west.console.txt
> +++ OUTPUT/interop-ikev1-strongswan-13-esp-sha2_512/west.console.txt
> @@ -98,10 +98,10 @@
> Security Associations (1 up, 0 connecting):
> westnet-eastnet-ikev1[1]: ESTABLISHED XXX seconds ago, 192.1.2.45[west]...192.1.2.23[east]
> westnet-eastnet-ikev1[1]: IKEv1 SPIs: SPISPI_i* SPISPI_r, pre-shared key reauthentication in 2 hours
> -westnet-eastnet-ikev1[1]: IKE proposal: AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072
> +westnet-eastnet-ikev1[1]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
Same.
> ================
> --- MASTER/interop-ikev1-strongswan-14-camellia/east.console.txt
> +++ OUTPUT/interop-ikev1-strongswan-14-camellia/east.console.txt
> @@ -40,8 +40,8 @@
> westnet-eastnet-ikev1[1]: IKEv1 SPIs: SPISPI_i SPISPI_r*, pre-shared key reauthentication in 2 hours
> westnet-eastnet-ikev1[1]: IKE proposal: AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
> westnet-eastnet-ikev1{1}: INSTALLED, TUNNEL, reqid 1, ESP SPIs: SPISPI_i SPISPI_o
> -westnet-eastnet-ikev1{1}: CAMELLIA_CBC_256/HMAC_SHA1_96/MODP_2048, XXX bytes_i (4 pkts, XXs ago), XXX bytes_o (4 pkts, !
> -westnet-eastnet-ikev1{1}: 192.0.2.0/24 === 192.0.1.0/24
> +westnet-eastnet-ikev1{1}: CAMELLIA_CBC_256/HMAC_SHA1_96, XXX bytes_i (4 pkts, XXs ago), XXX bytes_o (4 pkts, XXs ago), !
> +westnet-eastnet-ikev1{1}: 192.0.2.0/24 === 192.0.1.0/24
Mine also just works fine. So I do suspect strongswan version here too.
Paul
More information about the Swan-dev
mailing list