[Swan] OSX Server interop patch, was Re: Connecting to OS X Server

Ali Gangji ali at neonrain.com
Wed Jan 14 16:59:54 EET 2015


OS X version 10.10.1 and Server version 4.0.3.

Attached is the log from the server showing 2 connection attempts.

On Tue, Jan 13, 2015 at 7:44 AM, Ali Gangji <ali at neonrain.com> wrote:

> It's a late 2014 Mac Mini running Mac OS 10.10 Yosemite, and using the OS
> X Server VPN service.
>
> I'll take a look at the logs and reply back.
>
> On Mon, Jan 12, 2015 at 6:57 PM, Paul Wouters <paul at nohats.ca> wrote:
>
>> On Mon, 12 Jan 2015, Ali Gangji wrote:
>>
>>  Thanks for the help again. I now get a new, but similar message:
>>> Notify Message Type of ISAKMP Notification Payload has an unknown value:
>>> 15823
>>>
>>
>> https://www.iana.org/assignments/ipsec-registry/
>> ipsec-registry.xhtml#ipsec-registry-22
>>
>> Hmm, according to IANA this falls in the range:
>>
>>         8192 - 16383    Doi-Specific Error types
>>
>> This might get uglier. We might need to actually send it in a buggy way
>> as well.
>>
>> Do you have access to this remote endpoint? Can you tell us about the
>> specific version and hardware? could it be that this is a ppc32
>> package on a ppc64 or something weird like that?
>>
>> Do you have any access to the logs?
>>
>> We could try and send a DOI that's the wrong ntohl(1) but if that
>> just means we have to do that for ALL payloads it is just too bad
>> a hack to build a workaround for.
>>
>> Paul
>>
>
>
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20150114/7f8c1e62/attachment.html>
-------------- next part --------------
Jan 13 21:20:49 Abduls-Mac-mini.local racoon[16743]: IPSec Phase 1 started (Initiated by peer).
Jan 13 21:20:49 --- last message repeated 1 time ---
Jan 13 21:20:49 Abduls-Mac-mini.local racoon[16743]: IKE Packet: receive success. (Responder, Main-Mode message 1).
Jan 13 21:20:49 Abduls-Mac-mini.local racoon[16743]: >>>>> phase change status = Phase 1 started by us
Jan 13 21:20:49 --- last message repeated 1 time ---
Jan 13 21:20:49 Abduls-Mac-mini.local racoon[16743]: IKE Packet: transmit success. (Responder, Main-Mode message 2).
Jan 13 21:20:49 Abduls-Mac-mini.local racoon[16743]: IKE Packet: receive success. (Responder, Main-Mode message 3).
Jan 13 21:20:49 Abduls-Mac-mini.local racoon[16743]: IKE Packet: transmit success. (Responder, Main-Mode message 4).
Jan 13 21:20:49 Abduls-Mac-mini.local racoon[16743]: packet shorter than isakmp header size (size: 0, minimum expected: 28)
Jan 13 21:20:49 --- last message repeated 1 time ---
Jan 13 21:20:49 Abduls-Mac-mini.local racoon[16743]: IKEv1 Phase 1 AUTH: success. (Responder, Main-Mode Message 5).
Jan 13 21:20:49 Abduls-Mac-mini.local racoon[16743]: IKE Packet: receive success. (Responder, Main-Mode message 5).
Jan 13 21:20:49 Abduls-Mac-mini.local racoon[16743]: IKEv1 Phase 1 Responder: success. (Responder, Main-Mode).
Jan 13 21:20:49 Abduls-Mac-mini.local racoon[16743]: IKE Packet: transmit success. (Responder, Main-Mode message 6).
Jan 13 21:20:49 Abduls-Mac-mini.local racoon[16743]: IPSec Phase 1 established (Initiated by peer).
Jan 13 21:20:49 --- last message repeated 1 time ---
Jan 13 21:20:49 Abduls-Mac-mini.local racoon[16743]: IPSec Phase 2 started (Initiated by peer).
Jan 13 21:20:49 --- last message repeated 1 time ---
Jan 13 21:20:49 Abduls-Mac-mini.local racoon[16743]: use own lifetime: my:3600 peer:28800
Jan 13 21:20:49 --- last message repeated 1 time ---
Jan 13 21:20:49 Abduls-Mac-mini.local racoon[16743]: IKE Packet: receive success. (Responder, Quick-Mode message 1).
Jan 13 21:20:49 Abduls-Mac-mini.local racoon[16743]: >>>>> phase change status = Phase 2 started
Jan 13 21:20:49 --- last message repeated 1 time ---
Jan 13 21:20:49 Abduls-Mac-mini.local racoon[16743]: IKE Packet: transmit success. (Responder, Quick-Mode message 2).
Jan 13 21:20:52 Abduls-Mac-mini.local racoon[16743]: IKE Packet: transmit success. (Phase 2 Retransmit).
Jan 13 21:20:55 Abduls-Mac-mini.local racoon[16743]: IKE Packet: transmit success. (Phase 2 Retransmit).
Jan 13 21:20:57 Abduls-Mac-mini.local racoon[16743]: IKE Packet: transmit success. (Information message).
Jan 13 21:20:57 Abduls-Mac-mini.local racoon[16743]: IKEv1 Information-Notice: transmit success. (Delete ISAKMP-SA).
Jan 13 21:20:57 Abduls-Mac-mini.local racoon[16743]: Connecting.
Jan 13 21:20:57 Abduls-Mac-mini.local racoon[16743]: IPSec Phase 1 started (Initiated by peer).
Jan 13 21:20:57 --- last message repeated 1 time ---
Jan 13 21:20:57 Abduls-Mac-mini.local racoon[16743]: IKE Packet: receive success. (Responder, Main-Mode message 1).
Jan 13 21:20:57 Abduls-Mac-mini.local racoon[16743]: >>>>> phase change status = Phase 1 started by us
Jan 13 21:20:57 --- last message repeated 1 time ---
Jan 13 21:20:57 Abduls-Mac-mini.local racoon[16743]: IKE Packet: transmit success. (Responder, Main-Mode message 2).
Jan 13 21:20:57 Abduls-Mac-mini.local racoon[16743]: IKE Packet: receive success. (Responder, Main-Mode message 3).
Jan 13 21:20:57 Abduls-Mac-mini.local racoon[16743]: IKE Packet: transmit success. (Responder, Main-Mode message 4).
Jan 13 21:20:57 Abduls-Mac-mini.local racoon[16743]: IKEv1 Phase 1 AUTH: success. (Responder, Main-Mode Message 5).
Jan 13 21:20:57 Abduls-Mac-mini.local racoon[16743]: IKE Packet: receive success. (Responder, Main-Mode message 5).
Jan 13 21:20:57 Abduls-Mac-mini.local racoon[16743]: IKEv1 Phase 1 Responder: success. (Responder, Main-Mode).
Jan 13 21:20:57 Abduls-Mac-mini.local racoon[16743]: IKE Packet: transmit success. (Responder, Main-Mode message 6).
Jan 13 21:20:57 Abduls-Mac-mini.local racoon[16743]: IPSec Phase 1 established (Initiated by peer).
Jan 13 21:20:59 --- last message repeated 1 time ---
Jan 13 21:20:59 Abduls-Mac-mini.local racoon[16743]: IKE Packet: transmit success. (Phase 2 Retransmit).
Jan 13 21:21:00 Abduls-Mac-mini.local racoon[16743]: !!! skipped retransmitting frags: frag_flags 1, r->sendbuf->l 224, max 1280
Jan 13 21:21:00 --- last message repeated 1 time ---
Jan 13 21:21:00 Abduls-Mac-mini.local racoon[16743]: Received retransmitted packet from XX.XXX.XX.XXX[4500].
Jan 13 21:21:00 --- last message repeated 1 time ---
Jan 13 21:21:00 Abduls-Mac-mini.local racoon[16743]: the packet is retransmitted by XX.XXX.XX.XXX[4500].
Jan 13 21:21:02 --- last message repeated 1 time ---
Jan 13 21:21:02 Abduls-Mac-mini.local racoon[16743]: IKE Packet: transmit success. (Phase 2 Retransmit).
Jan 13 21:21:05 Abduls-Mac-mini.local racoon[16743]: IKE Packet: transmit success. (Phase 2 Retransmit).
Jan 13 21:21:09 --- last message repeated 1 time ---
Jan 13 21:21:09 Abduls-Mac-mini.local racoon[16743]: !!! skipped retransmitting frags: frag_flags 1, r->sendbuf->l 224, max 1280
Jan 13 21:21:09 --- last message repeated 1 time ---
Jan 13 21:21:09 Abduls-Mac-mini.local racoon[16743]: Received retransmitted packet from XX.XXX.XX.XXX[4500].
Jan 13 21:21:09 --- last message repeated 1 time ---
Jan 13 21:21:09 Abduls-Mac-mini.local racoon[16743]: the packet is retransmitted by XX.XXX.XX.XXX[4500].
Jan 13 21:21:11 --- last message repeated 1 time ---
Jan 13 21:21:11 Abduls-Mac-mini.local racoon[16743]: IKE Packet: transmit success. (Phase 2 Retransmit).
Jan 13 21:21:15 Abduls-Mac-mini.local racoon[16743]: IKE Packet: transmit success. (Phase 2 Retransmit).
Jan 13 21:21:19 --- last message repeated 1 time ---
Jan 13 21:21:19 Abduls-Mac-mini.local racoon[16743]: IKE Packet: receive success. (Information message).
Jan 13 21:21:21 Abduls-Mac-mini.local racoon[16743]: XX.XXX.XX.XXX give up to get IPsec-SA due to time up to wait.


More information about the Swan mailing list