[Swan] This clearly denotes bugs

Sun Jan 6 21:59:45 EET 2013

Paul, Nick,

There is at least one visible bug here:

1/ DHCP_RIGHT_IP is taken into account despite auto=ignore

2/ unbound_resolve() failed to resolve victor.vouters.dyndns.org.

The second error can eventually be explained by:

[philippe at victor ~]$ nslookup 
victor.vouters.dyndns.org                         Server: 192.168.1.1
Address:        192.168.1.1#53

** server can't find victor.vouters.dyndns.org: NXDOMAIN

despite:

[philippe at victor ~]$ hostname
victor.vouters.dyndns.org
[philippe at victor ~]$ cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1       localhost.localdomain   localhost victor.localdomain
::1             localhost6.localdomain6 localhost6
192.168.1.2     victor.vouters.dyndns.org victor www.vouters.com
...
[philippe at victor ~]$

[philippe at victor ~]$ sudo cat /etc/ipsec.d/vouters.conf
# Mutual PSK
conn Philippe_PSK
      authby=secret
#     leftsourceip=192.168.1.2
      also=FIXED_RIGHT_IP

conn DHCP_RIGHT_IP
      type=tunnel
      pfs=yes
      dpddelay=30
      dpdtimeout=120
      dpdaction=restart
      left=victor.vouters.dyndns.org
#     leftnexthop=%defaultroute
      leftprotoport=udp/bootps
      leftupdown="ipsec _updown --route yes"
      right=%any
      rightsubnetwithin=192.168.1.0/24
      rightprotoport=udp/bootps
      rekey=no
      auto=ignore
#     auto=add

conn FIXED_RIGHT_IP
      type=tunnel
      pfs=yes
      dpddelay=30
      dpdtimeout=120
      dpdaction=restart
      left=%defaultroute
      leftnexthop=%defaultroute
      leftsubnet=0.0.0.0/0
      leftupdown="ipsec _updown --route yes"
      right=%any
      rightsubnet=vhost:%no,%priv
      rekey=no
      auto=add
[philippe at victor ~]$ sudo /usr/local/sbin/ipsec addconn --verbose 
Philippe_PSK
opening file: /etc/ipsec.conf
debugging mode enabled
including file '/etc/ipsec.d/*.conf'(/etc/ipsec.d/*.conf) from line 
/etc/ipsec.conf:26
Loading conn Philippe_PSK
         while loading conn 'Philippe_PSK' also including 'FIXED_RIGHT_IP'
starter: case KH_DEFAULTROUTE: empty
Loading conn DHCP_RIGHT_IP
starter: check what we need to do for  'victor.vouters.dyndns.org'
starter: ttoaddr_num failed, not numeric 'victor.vouters.dyndns.org'
Calling unbound_resolve() for endpoint value
starter: Resolved to victor.vouters.dyndns.org !
while loading 'DHCP_RIGHT_IP': Resolving failed for remote address 
=victor.vouters.dyndns.org

Loading conn FIXED_RIGHT_IP
starter: case KH_DEFAULTROUTE: empty
loading named conns: Philippe_PSK
parse_src = 0, parse_gateway = 1, has_dst = 0
dst  via 192.168.1.1 dev eth0 src
set nexthop: 192.168.1.1
dst 169.254.0.0 via  dev eth0 src
dst 192.168.1.0 via  dev eth0 src 192.168.1.2
dst 127.0.0.0 via  dev lo src 127.0.0.1
dst 127.0.0.0 via  dev lo src 127.0.0.1
dst 127.0.0.1 via  dev lo src 127.0.0.1
dst 127.255.255.255 via  dev lo src 127.0.0.1
dst 192.168.1.0 via  dev eth0 src 192.168.1.2
dst 192.168.1.2 via  dev eth0 src 192.168.1.2
dst 192.168.1.255 via  dev eth0 src 192.168.1.2

parse_src = 1, parse_gateway = 0, has_dst = 1
dst 192.168.1.1 via  dev eth0 src 192.168.1.2
set addr: 192.168.1.2
002 "Philippe_PSK": deleting connection
002 added connection description "Philippe_PSK"
[philippe at victor ~]$

[philippe at victor ~]$

-- 
Philippe Vouters (Fontainebleau/France)
URL: http://vouters.dyndns.org/
SIP: sip:Vouters at sip.linphone.org