[Swan-dev] IKEv2 finding an IKEv1 connection

Andrew Cagney andrew.cagney at gmail.com
Sat Jun 22 13:00:39 UTC 2019


https://testing.libreswan.org/v3.28-214-g00f4ca6a5-master/ikev1-ikev2-connswitch-01/OUTPUT/east.pluto.log.gz

The test currently core dumps as the IKEv2 code goes to use the IKE
proposal suite but discovers it missing.  However, it seems the
problem is it found the wrong connection:

| Now let's proceed with state specific processing
| calling processor Respond to IKE_SA_INIT
| find_host_connection me=192.1.2.23:500 him=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW
| find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500
| find_next_host_connection policy=ECDSA+IKEV2_ALLOW
| found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet2)
| found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet1)
| find_next_host_connection returns empty
| find_host_connection me=192.1.2.23:500 him=%any:500 policy=ECDSA+IKEV2_ALLOW
| find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500
| find_next_host_connection policy=ECDSA+IKEV2_ALLOW
| find_next_host_connection returns empty
| initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW
| find_host_connection me=192.1.2.23:500 him=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW
| find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500
| find_next_host_connection policy=RSASIG+IKEV2_ALLOW
| found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet2)
| find_next_host_connection returns westnet-eastnet2
| found connection: westnet-eastnet1 with policy RSASIG+IKEV2_ALLOW
| find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500
| creating state object #3 at 0x7f92f59de518
| State DB: adding IKEv2 state #3 in UNDEFINED
| pstats #3 ikev2.ike started
| Message ID: init #3: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0
| parent state #3: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA)
| Message ID: init_ike #3; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1
| Message ID: start-responder #3 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0
| processing: start state #3 connection "westnet-eastnet1" 192.1.2.45 (in initialize_new_state() at ipsec_doi.c:483)
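
Added example (not part of the original message and not libreswan code): a small Python check that replays pluto debug entries like those above and flags where the connection named by "found connection:" differs from what find_next_host_connection returned, or lacks a requested policy flag. The function name audit and the finding labels are hypothetical; the "with policy" value is assumed to be the policy the lookup asked for.

```python
import re

FOUND_POLICY = re.compile(r"^\| found policy = (\S+) \((.+)\)$")
RETURNS = re.compile(r"^\| find_next_host_connection returns (\S+)$")
FOUND_CONN = re.compile(r"^\| found connection: (\S+) with policy (\S+)$")
START_STATE = re.compile(r'^\| processing: start state (#\d+) connection "([^"]+)"')

# Log entries copied from the excerpt above, one entry per line.
SAMPLE = """\
| find_next_host_connection policy=ECDSA+IKEV2_ALLOW
| found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet2)
| found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet1)
| find_next_host_connection returns empty
| find_next_host_connection policy=RSASIG+IKEV2_ALLOW
| found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet2)
| find_next_host_connection returns westnet-eastnet2
| found connection: westnet-eastnet1 with policy RSASIG+IKEV2_ALLOW
| processing: start state #3 connection "westnet-eastnet1" 192.1.2.45 (in initialize_new_state() at ipsec_doi.c:483)
"""

def audit(log_text):
    """Return (label, a, b) tuples for inconsistent connection lookups."""
    policies = {}    # connection name -> policy flags last logged for it
    returned = None  # name from the most recent non-empty lookup
    findings = []
    for line in log_text.splitlines():
        if m := FOUND_POLICY.match(line):
            policies[m.group(2)] = set(m.group(1).split("+"))
        elif m := RETURNS.match(line):
            # "empty" is the log's marker for "no connection matched"
            returned = None if m.group(1) == "empty" else m.group(1)
        elif m := FOUND_CONN.match(line):
            name, wanted = m.group(1), set(m.group(2).split("+"))
            if returned and name != returned:
                findings.append(("name-mismatch", returned, name))
            # Unknown connections are skipped rather than reported.
            missing = wanted - policies.get(name, wanted)
            if missing:
                findings.append(("policy-missing", name, "+".join(sorted(missing))))
        elif m := START_STATE.match(line):
            if returned and m.group(2) != returned:
                findings.append(("state-on-wrong-conn", m.group(1), m.group(2)))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```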

