[Swan-dev] no proposal chosen response when a rekey

Andrew Cagney andrew.cagney at gmail.com
Fri Sep 13 20:02:09 UTC 2019


See https://dpaste.de/EyUR from IRC

- libreswan sends a rekey request and gets back no proposal chosen

I suspect this is because libreswan's proposal strictly requires DH
and the other end strictly refuses it (further down in the log is the
remote proposing to CREATE_CHILD_SA with no DH)

But what's more interesting is the other things that go on:

dropping unexpected CREATE_CHILD_SA message containing
NO_PROPOSAL_CHOSEN notification; message payloads: SK; encrypted
payloads: N; missing payloads: SA,Ni,TSi,TSr
-> we're missing a state transition to detect this and initiate a delete

message id deadlock? wait sending, add to send next list using parent
#1628 unacknowledged 1 next message id=1 ike exchange window 1
-> there's an outstanding re-transmit in front of the delete request;
the code should just kill the SA family - given the re-transmit went
nowhere, what makes us think a delete will do better?

After that there seems to be a strange fight between the two ends
trying to establish but not working - I suspect the remote isn't
properly deleting the child SA, but who knows

Andrew

