[Swan] How to let "PLUTO_PEER_PROTOCOL" and "PLUTO_MY_PROTOCOL" to be 17 (UDP) ?

ChenHao earthlovepython at outlook.com
Sun Nov 1 03:38:00 UTC 2015

Hi All:
/var/log/pluto.log writes:
=========================
| peer client is
| peer client protocol/port is 17/0
| our client is
| our client protocol/port is 17/0
"ip6.tun0" #113: the peer proposed: fd1d:d30:1bb6:b419::1/128:0/0 -> fd6f:d30:1bb6:b419::1/128:0/0
| find_client_connection starting with ip6.tun0
|   looking for fd1d:d30:1bb6:b419::1/128:17/0 -> fd6f:d30:1bb6:b419::1/128:17/0

Because "0/0" is NOT "17/0", find_client_connection() returns NULL. As a result, quick_inI1_outR1_authtail() fails with "cannot respond to IPsec SA request because no connection is known for" and "sending encrypted notification INVALID_ID_INFORMATION to".

Question: how to set the local protocol to 17 (UDP) instead of 0?

Corresponding source code:
==================
quick_inI1_outR1_authtail()
{
    ……
    libreswan_log("the peer proposed: %s:%d/%d -> %s:%d/%d",
                  s1, c->spd.this.protocol, c->spd.this.port,    /* <== "spd" is "struct spd_route" */
                  d1, c->spd.that.protocol, c->spd.that.port);
    ……
}

quick_inI1_outR1_authtail() calls find_client_connection()

find_client_connection()
{
    ….
    DBG_log("  looking for %s:%d/%d -> %s:%d/%d",
            s1, our_protocol, our_port,
            d1, peer_protocol, peer_port);
    if (samesubnet(&sr->this.client, our_net) &&
        samesubnet(&sr->that.client, peer_net) &&
        sr->this.protocol == our_protocol &&    /* <== Does NOT match. "sr" is "struct spd_route". As a result, failed. */
        (!sr->this.port ||
         sr->this.port == our_port) &&
        (sr->that.protocol == peer_protocol) &&
        (!sr->that.port ||
         sr->that.port == peer_port)) {
        if (routed(sr->routing))
            return c;    /* <== We expect return here, but …. */
        unrouted = c;

“spd.this.protocol” is the same as “sr->this.protocol”

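The selector comparison quoted in the post, reduced to its protocol/port part, as an added example that is not libreswan code and not part of the original message. The types `end_sel` and `route_sel`, the function `first_mismatch` and the sample connections are hypothetical, and the subnet comparison is assumed to have already succeeded.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the protocol/port fields of one end of a
 * struct spd_route; the client subnets are left out. */
struct end_sel { uint8_t protocol; uint16_t port; };
struct route_sel { struct end_sel this, that; };

enum mismatch { MATCH = 0, OUR_PROTOCOL, OUR_PORT, PEER_PROTOCOL, PEER_PORT };

/* Same rule as the quoted condition: the protocol must be equal on both
 * ends, while a configured port of 0 accepts any proposed port.
 * Returns the first field that rules the connection out. */
static enum mismatch first_mismatch(const struct route_sel *sr,
                                    uint8_t our_protocol, uint16_t our_port,
                                    uint8_t peer_protocol, uint16_t peer_port)
{
    if (sr->this.protocol != our_protocol) return OUR_PROTOCOL;
    if (sr->this.port && sr->this.port != our_port) return OUR_PORT;
    if (sr->that.protocol != peer_protocol) return PEER_PROTOCOL;
    if (sr->that.port && sr->that.port != peer_port) return PEER_PORT;
    return MATCH;
}

/* Constructed sample connections (not taken from any real configuration). */
static const struct route_sel conn_any  = { { 0, 0 },     { 0, 0 } };     /* 0/0, as logged */
static const struct route_sel conn_udp  = { { 17, 0 },    { 17, 0 } };    /* UDP, any port */
static const struct route_sel conn_l2tp = { { 17, 1701 }, { 17, 1701 } }; /* UDP port 1701 */

int main(void)
{
    static const char *why[] = { "match", "our protocol", "our port",
                                 "peer protocol", "peer port" };
    const struct route_sel *conns[] = { &conn_any, &conn_udp, &conn_l2tp };

    /* The peer's proposal from the log: 17/0 -> 17/0. */
    for (int i = 0; i < 3; i++)
        printf("connection %u/%u: %s\n",
               (unsigned)conns[i]->this.protocol, (unsigned)conns[i]->this.port,
               why[first_mismatch(conns[i], 17, 0, 17, 0)]);
    return 0;
}
```

Port 0 acts as a wildcard in this comparison but protocol 0 does not, which is why a 0/0 connection is rejected for a 17/0 proposal. In ipsec.conf the per-end protocol/port selector is set with `leftprotoport=` and `rightprotoport=` (for example `17/%any`); whether that resolves this particular setup is not confirmed in the thread.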