[Swan-dev] recently failed tests
Paul Wouters
paul at nohats.ca
Wed Jul 4 03:13:55 UTC 2018
On Tue, 3 Jul 2018, D. Hugh Redelmeier wrote:
> These are failures on last night's run that were not failures on the
> previous run, started July 1 at 2:33 AM EDT.
>
> My comments are on lines starting with ?.
>
> testing/pluto/ikev2-ddns-02 failed east:output-different west:output-different
> testing/pluto/ikev2-ddns-02/OUTPUT/east.console.diff
> testing/pluto/ikev2-ddns-02/OUTPUT/west.console.diff
> ?unbound didn't start. Probably expains other problems
> unbound-control local_data right.libreswan.org 3600 IN A 192.1.2.23
> -ok
> +[1530605437] unbound-control[2452:0] error: connect: Connection refused for 127.0.0.1
Not sure what is going on for you. It works ok testing.libreswan.org:
http://testing.libreswan.org/results/testing/v3.25-84-gad38de9-master/ikev2-ddns-02/
> testing/pluto/ikev1-x509-08-san-dns-mismatch failed west:output-different
same?
> testing/pluto/ikev1-hostpair-01 failed east:output-different road:output-different
same?
> testing/pluto/ikev1-hostpair-02 failed east:output-different road:output-different
I don't understand why east shows more then two connections working.
because road is started one, killed and then started one more time.
I ran it on my laptop and fixed up the ping that now does work properly.
I didn't get the diff in the grep on east though.
> testing/pluto/ikev2-liveness-05 failed west:output-different
> testing/pluto/ikev2-liveness-05/OUTPUT/west.console.diff
> ? ping difference
> +[ 00.00] IN= OUT=eth1 SRC=192.0.1.254 DST=192.0.2.254 LEN=XXXX TOS=0x00 PREC=0x00 TTL=64 ID=XXXX DF PROTO ICMP TYPE=8 CODE=0 ID=XXXX SEQ=1
>
> +[ 00.00] IN= OUT=eth1 SRC=192.0.1.254 DST=192.0.2.254 LEN=XXXX TOS=0x00 PREC=0x00 TTL=64 ID=XXXX DF PROTO ICMP TYPE=8 CODE=0 ID=XXXX SEQ=1
Seems like a race condition when dpd is flipping and the packet leaks
and is caught in the firewall? Cannot reproduce :/
> testing/pluto/interop-ikev2-strongswan-35-ipsec-rekey failed west:output-different
> testing/pluto/interop-ikev2-strongswan-35-ipsec-rekey/OUTPUT/west.console.diff
> ?Log message changed?
> ?but StrongSwan didn't change.
> -westnet-eastnet-ikev2{6}: DELETING, TUNNEL, reqid 1
> +westnet-eastnet-ikev2{6}: REKEYING, TUNNEL, reqid 1, expires in 10 seconds
> westnet-eastnet-ikev2{6}: 192.0.1.0/24 === 192.0.2.0/24
> -westnet-eastnet-ikev2{7}: INSTALLED, TUNNEL, reqid 1, ESP SPIs: SPISPI_i SPISPI_o
> -westnet-eastnet-ikev2{7}: 192.0.1.0/24 === 192.0.2.0/24
This is a race condition that sometimes happens.
The log message changing is because there is a cert in the strongswan
directory, so then it starts sending CERTREQ even if it has
authby=secret. This is due to my recent addition of .der files in those
directories to do ECDSA testing. I added a check to swan-prep to delete
any files in those directories.
> testing/pluto/interop-ikev2-strongswan-35-responder-rekey-pfs failed west:output-different
> testing/pluto/interop-ikev2-strongswan-35-responder-rekey-pfs/OUTPUT/west.console.diff
> ?Log message changed?
> ?but StrongSwan didn't change.
> +westnet-eastnet-ikev2{1}: DELETING, TUNNEL, reqid 1
> +westnet-eastnet-ikev2{1}: 192.0.1.0/24 === 192.0.2.0/24
> westnet-eastnet-ikev2{2}: DELETING, TUNNEL, reqid 1
> westnet-eastnet-ikev2{2}: 192.0.1.0/24 === 192.0.2.0/24
Same as previous.
Paul
More information about the Swan-dev
mailing list