[Swan-dev] recently failed tests

D. Hugh Redelmeier hugh at mimosa.com
Tue Jul 3 23:27:48 UTC 2018 

These are failures on last night's run that were not failures on the 
previous run, started July 1 at 2:33 AM EDT.

My comments are on lines starting with ?.

testing/pluto/ikev2-ddns-02 failed east:output-different west:output-different
testing/pluto/ikev2-ddns-02/OUTPUT/east.console.diff
testing/pluto/ikev2-ddns-02/OUTPUT/west.console.diff
?unbound didn't start.  Probably expains other problems
  unbound-control local_data right.libreswan.org 3600 IN A 192.1.2.23
-ok
+[1530605437] unbound-control[2452:0] error: connect: Connection refused for 127.0.0.1


testing/pluto/ikev1-x509-08-san-dns-mismatch failed west:output-different
testing/pluto/ikev1-x509-08-san-dns-mismatch/OUTPUT/west.console.diff
? big chunk missing
? worked 3rd time run
? dns == Distinguished NameS?  Seems confusing.
Other side looks happy
 108 "san" #1: STATE_MAIN_I3: sent MI3, expecting MR3
-002 "san" #1: Peer ID is ID_FQDN: '@NOTeast.testing.libreswan.org'
-002 "san" #1: certificate verified OK: E=user-east at testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA
-003 "san" #1: No matching subjectAltName found
-003 "san" #1: certificate does not contain subjectAltName=NOTeast.testing.libreswan.org
-002 "san" #1: Peer public key SubjectAltName does not match peer ID for this connection
-002 "san" #1: X509: CERT payload does not match connection ID
-218 "san" #1: STATE_MAIN_I3: INVALID_ID_INFORMATION
-002 "san" #1: sending encrypted notification INVALID_ID_INFORMATION to 192.1.2.23:500
 002 "san" #1: suppressing retransmit because IMPAIR_RETRANSMITS is set


testing/pluto/ikev1-hostpair-01 failed east:output-different road:output-different
testing/pluto/ikev1-hostpair-01/OUTPUT/east.console.diff
? real differences but don't look important.  State renumbering?
? second run: worked fine
-000 "roadnet-eastnet-ipv4-psk-ikev1"[2]: 192.1.2.23/32===192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east at testing.libreswan.org,MS+XS+S=C]...192.1.2.63[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road at testing.libreswan.org,+MC+XS+S=C]===192.0.2.1/32; erouted; eroute owner: #4
+000 "roadnet-eastnet-ipv4-psk-ikev1"[2]: 192.1.2.23/32===192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east at testing.libreswan.org,MS+XS+S=C]...192.1.2.63[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road at testing.libreswan.org,+MC+XS+S=C]===192.0.2.1/32; erouted; eroute owner: #3

-000 "roadnet-eastnet-ipv4-psk-ikev1"[2]:   newest ISAKMP SA: #3; newest IPsec SA: #4;
+000 "roadnet-eastnet-ipv4-psk-ikev1"[2]:   newest ISAKMP SA: #2; newest IPsec SA: #3;

-000 #3: "roadnet-eastnet-ipv4-psk-ikev1"[2] 192.1.2.63:4500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in  XXs; newest ISAKMP; lastdpd=-1s(seq in:0 out:0); idle; import:not set
-000 #4: "roadnet-eastnet-ipv4-psk-ikev1"[2] 192.1.2.63:4500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in  XXs; newest IPSEC; eroute owner; isakmp#3; idle; import:not set
-000 #4: "roadnet-eastnet-ipv4-psk-ikev1"[2] 192.1.2.63 esp.ESPSPIi at 192.1.2.63 esp.ESPSPIi at 192.1.2.23 tun.0 at 192.1.2.63 tun.0 at 192.1.2.23 ref=0 refhim=0 Traffic: ESPin=336B ESPout=336B! ESPmax=4194303B username=use3
+000 #2: "roadnet-eastnet-ipv4-psk-ikev1"[2] 192.1.2.63:4500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in  XXs; newest ISAKMP; lastdpd=-1s(seq in:0 out:0); idle; import:not set
+000 #3: "roadnet-eastnet-ipv4-psk-ikev1"[2] 192.1.2.63:4500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in  XXs; newest IPSEC; eroute owner; isakmp#2; idle; import:not set
+000 #3: "roadnet-eastnet-ipv4-psk-ikev1"[2] 192.1.2.63 esp.ESPSPIi at 192.1.2.63 esp.ESPSPIi at 192.1.2.23 tun.0 at 192.1.2.63 tun.0 at 192.1.2.23 ref=0 refhim=0 Traffic: ESPin=3KB ESPout=336B! ESPmax=4194303B username=use3


testing/pluto/ikev1-hostpair-02 failed east:output-different road:output-different
testing/pluto/ikev1-hostpair-02/OUTPUT/east.console.diff
? more states left alive?
? same on previous run
 000 #2: "roadnet-eastnet-ipv4-psk-ikev1"[1] 192.1.2.254:4500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in  XXs; isakmp#1; idle; import:not set
+000 #3: "roadnet-eastnet-ipv4-psk-ikev1"[1] 192.1.2.254:4500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in  XXs; lastdpd=-1s(seq in:0 out:0); idle; import:not set
 000 #4: "roadnet-eastnet-ipv4-psk-ikev1"[1] 192.1.2.254:4500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in  XXs; isakmp#3; idle; import:not set
+000 #5: "roadnet-eastnet-ipv4-psk-ikev1"[1] 192.1.2.254:4500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in  XXs; lastdpd=-1s(seq in:0 out:0); idle; import:not set
 000 #6: "roadnet-eastnet-ipv4-psk-ikev1"[1] 192.1.2.254:4500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in  XXs; isakmp#5; idle; import:not set
 000 #7: "roadnet-eastnet-ipv4-psk-ikev1"[1] 192.1.2.254:4500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in  XXs; newest ISAKMP; lastdpd=-1s(seq in:0 out:0); idle; import:not set
 000 #8: "roadnet-eastnet-ipv4-psk-ikev1"[1] 192.1.2.254:4500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in  XXs; newest IPSEC; eroute owner; isakmp#7; idle; import:not set

testing/pluto/ikev1-hostpair-02/OUTPUT/road.console.diff
? more packets flowed
? failed on previous run too
@@ -181,11 +181,16 @@
 road #
  ping -n -c 4 -I 192.0.2.1 192.1.2.23
 PING 192.1.2.23 (192.1.2.23) from 192.0.2.1 : 56(84) bytes of data.
+64 bytes from 192.1.2.23: icmp_seq=1 ttl=64 time=0.XXX ms
+64 bytes from 192.1.2.23: icmp_seq=2 ttl=64 time=0.XXX ms
+64 bytes from 192.1.2.23: icmp_seq=3 ttl=64 time=0.XXX ms
+64 bytes from 192.1.2.23: icmp_seq=4 ttl=64 time=0.XXX ms
 --- 192.1.2.23 ping statistics ---
-4 packets transmitted, 0 received, 100% packet loss, time XXXX
+4 packets transmitted, 4 received, 0% packet loss, time XXXX
+rtt min/avg/max/mdev = 0.XXX/0.XXX/0.XXX/0.XXX ms
 road #
  ipsec whack --trafficstatus
-006 #8: "westnet-eastnet-ipv4-psk-ikev1", username=use3, type=ESP, add_time=1234567890, inBytes=0, outBytes=336
+006 #8: "westnet-eastnet-ipv4-psk-ikev1", username=use3, type=ESP, add_time=1234567890, inBytes=336, outBytes=336
 road #
  echo done
 done



testing/pluto/ikev2-liveness-05 failed west:output-different
testing/pluto/ikev2-liveness-05/OUTPUT/west.console.diff
? ping difference
+[ 00.00] IN= OUT=eth1 SRC=192.0.1.254 DST=192.0.2.254 LEN=XXXX TOS=0x00 PREC=0x00 TTL=64 ID=XXXX DF PROTO ICMP TYPE=8 CODE=0 ID=XXXX SEQ=1 

+[ 00.00] IN= OUT=eth1 SRC=192.0.1.254 DST=192.0.2.254 LEN=XXXX TOS=0x00 PREC=0x00 TTL=64 ID=XXXX DF PROTO ICMP TYPE=8 CODE=0 ID=XXXX SEQ=1 




testing/pluto/interop-ikev2-strongswan-35-ipsec-rekey failed west:output-different
testing/pluto/interop-ikev2-strongswan-35-ipsec-rekey/OUTPUT/west.console.diff
?Log message changed?
?but StrongSwan didn't change.
-westnet-eastnet-ikev2{6}:  DELETING, TUNNEL, reqid 1
+westnet-eastnet-ikev2{6}:  REKEYING, TUNNEL, reqid 1, expires in 10 seconds
 westnet-eastnet-ikev2{6}:   192.0.1.0/24 === 192.0.2.0/24
-westnet-eastnet-ikev2{7}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: SPISPI_i SPISPI_o
-westnet-eastnet-ikev2{7}:   192.0.1.0/24 === 192.0.2.0/24



testing/pluto/interop-ikev2-strongswan-35-responder-rekey-pfs failed west:output-different
testing/pluto/interop-ikev2-strongswan-35-responder-rekey-pfs/OUTPUT/west.console.diff
?Log message changed?
?but StrongSwan didn't change.
+westnet-eastnet-ikev2{1}:  DELETING, TUNNEL, reqid 1
+westnet-eastnet-ikev2{1}:   192.0.1.0/24 === 192.0.2.0/24
 westnet-eastnet-ikev2{2}:  DELETING, TUNNEL, reqid 1
 westnet-eastnet-ikev2{2}:   192.0.1.0/24 === 192.0.2.0/24

More information about the Swan-dev mailing list