[Swan-dev] pluto replying with both v2N_INVALID_KE_PAYLOAD then v2N_NO_PROPOSAL_CHOSEN?
Paul Wouters
paul at nohats.ca
Sat Jul 8 11:28:27 UTC 2017
On Fri, 7 Jul 2017, Andrew Cagney wrote:
> +parsed IKE_SA_INIT response 0 [ N(NO_PROP) ]
> +received NO_PROPOSAL_CHOSEN notify error
> +establishing connection 'road-eastnet-ikev2' failed
> | sending 40 bytes for v2 notify through eth1:500 to 192.1.2.254:500 (using #0)
> | 13 87 4a 1b 56 bd 74 ad 00 00 00 00 00 00 00 00
> | 29 20 22 20 00 00 00 00 00 00 00 28 00 00 00 0a
> | 00 00 00 11 00 0e 00 00
> | #0 complete v2 state transition from STATE_UNDEFINED with
> v2N_NO_PROPOSAL_CHOSEN
> | sending a notification reply
> packet from 192.1.2.254:500: sending unencrypted notification
> v2N_NO_PROPOSAL_CHOSEN to 192.1.2.254:500
It should go through the state with STF_DROP, since it
already sent a reply with INVALID_KE. I'll see if I can find
out what's happening here.
> it seems to be related to c4c2c62a
It does, looking at the diff:
- return STF_FAIL;
- }
+ if (ike2_match_ke_group_and_prop(md, accepted_oakley) ==
STF_FAIL) {
+ free_ikev2_proposal(&accepted_ike_proposal);
+ return STF_FAIL + v2N_NO_PROPOSAL_CHOSEN;
}
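Review bot: the new `return STF_FAIL + v2N_NO_PROPOSAL_CHOSEN;` in the KE-mismatch branch attaches a notification to a failure for which, per this thread, an INVALID_KE reply has already been sent, which matches the double reply being reported. Keep the added `free_ikev2_proposal(&accepted_ike_proposal);` but return without a notification when `ike2_match_ke_group_and_prop()` fails, either plain `STF_FAIL` as before the change or a drop status as suggested above. That way the peer sees only the INVALID_KE reply and does not abort on NO_PROPOSAL_CHOSEN, as the initiator log quoted above does. A short comment at this call site saying which function is responsible for sending the notify would prevent the same regression later.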
It went from STF_FAIL to STF_FAIL + v2N_NO_PROPOSAL_CHOSEN.
Paul
> Andrew
>
> PS: the log http://testing.libreswan.org/results/v3.20-709-g8de1339-master/interop-ikev2-strongswan-11-nat-initiator/OUTPUT/east.pluto.log.bz2
> shows the behaviour; look for INVALID_KE