[Swan-dev] 5.0 RC1 connection not found
Bill Atwood
williamatwood41 at gmail.com
Sat Jan 13 22:18:33 EET 2024
I have two hosts: Ritchie and Tarjan. Tarjan is running Libreswan 4.12,
so that I can test "mixed" environments.
For Ritchie, I have downloaded 5.0 RC1, installed all of the
dependencies, and built the software. I have created and installed the
necessary certificates. I have assigned the necessary addresses (IPv6
ULA) to the interfaces.
Tarjan                        Ritchie
ens7                          enp4s0
fd51:20d9:5ad2:b::1  <----->  fd51:20d9:5ad2:b::2
Libreswan 4.12                Libreswan 5.0 RC1
The certificates are in place:
dev@Ritchie:~$ sudo certutil -L -d /var/lib/ipsec/nss
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
RIcert                                                       u,u,u
HSPLCA                                                       CT,,
Then, I start ipsec, and attempt to add the connection (using the new
syntax in 5.0 RC1):
dev@Ritchie:~$ sudo ipsec setup start
[sudo] password for dev:
Redirecting to: systemctl start ipsec.service
dev@Ritchie:~$ sudo ipsec add RITA6c
conn 'RITA6c': not found (tried aliases)
Here are the contents of file RITA6C, and the listing of the IPv6
addresses on Ritchie:
root@Ritchie:/etc/ipsec.d# cat RITA6C
conn RITA6c
    left=fd51:20d9:5ad2:b::2
    leftid="CN=Ritchie Certificate"
    leftrsasigkey=%cert
    leftcert=RIcert
    right=fd51:20d9:5ad2:b::1
    rightid="CN=Tarjan Certificate"
    rightrsasigkey=%cert
    auto=add
root@Ritchie:/etc/ipsec.d# ip -6 addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp4s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fd51:20d9:5ad2:b::2/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::21a:a0ff:fe15:62b8/64 scope link
       valid_lft forever preferred_lft forever
3: enp5s4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::20e:cff:fea9:b90f/64 scope link
       valid_lft forever preferred_lft forever
4: enp5s5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::20e:cff:fea9:b937/64 scope link
       valid_lft forever preferred_lft forever
root@Ritchie:/etc/ipsec.d#
Does anyone have suggestions for finding the source of this error? I
don't see any debugging options on the ipsec command.
Any help will be appreciated.
Bill
P.S. The above configuration works between two hosts running 4.12 (with
"auto --add" rather than "add").