[Swan-dev] _parse_pam_auth_rsp: AUTH FAILURE

Balaji Thoguluva tbbalaji at gmail.com
Wed Dec 9 22:28:03 UTC 2020 

Thanks Paul for your suggestions.

I think we will try to upgrade to the 3.32 version.

With the 3.32 version, we tested IPsec Rekey functionality. But we are not
able to see the expected behavior of rekey. We tried establishing a tunnel
between the 2 Libreswan. What we noticed is when one of the Libreswan sends
CREATE_CHILD_SA request to the other end, the other end sends ICMP 550
destination unreachable (Communication administratively prevented) error
message.

Attached is a zip of wireshark, initiator and responder pluto logs.

Dec  9 12:14:26.800597: |   02 00 01 f4  0a c4 ff 4b  00 00 00 00  00 00 00
00
Dec  9 12:14:26.800617: "taccert" #1: ERROR: asynchronous network error
report on ens32 (10.196.253.12:500) for message to 10.196.255.75 port 500,
complainant 10.196.255.75: No route to host [errno 113, origin ICMP type 3
code 13 (not authenticated)]
Dec  9 12:14:26.800630: | spent 0.181 milliseconds in comm_handle_cb()
calling check_incoming_msg_errqueue()

If you can shed some light on this, that would be great.

Thanks,
Balaji

On Tue, Dec 8, 2020 at 7:08 PM Paul Wouters <paul at nohats.ca> wrote:

> On Tue, 8 Dec 2020, Balaji Thoguluva wrote:
>
> > Can I backport the fixes shown below to the 3.25 version?
>
> You can, but it will take some work to find the related commits.
>
> > If yes, can you please provide me the steps on how to do it as I am not
> much familiar with it?
>
> You would have to find the related git commits with "git log". Again
> look for "revive" in the git log messages. Then see how/why it applies
> to the older code.
>
> It is a lot of work. It is likely more work than upgrading. Any reason
> why you are not going that path?
>
> Paul
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan-dev/attachments/20201209/99e7ecb7/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Libreswan3.32-IPsec-Rekey-NotWorking.7z
Type: application/octet-stream
Size: 291345 bytes
Desc: not available
URL: <https://lists.libreswan.org/pipermail/swan-dev/attachments/20201209/99e7ecb7/attachment-0001.obj>

More information about the Swan-dev mailing list