[Swan] meaning of error code -> ENCAPSULATION_MODE_UDP_TUNNEL_DRAFTS
Amir Naftali
amir at fortycloud.com
Wed Jan 31 19:45:46 UTC 2018
just saw it again, we're running libreswan 3.16 on ubuntu and we get the
following message
#484: ENCAPSULATION_MODE_UDP_TUNNEL_DRAFTS must only be used with old IETF
drafts
#484: sending encrypted notification BAD_PROPOSAL_SYNTAX to X.X.X.X:4500
*Amir Naftali*| *CTO 40Cloud*| *FireMon*
D: +972.73.3905722| C: +972.54.4972622
amir@ <amir.naftali at firemon.com>fortycloud.com | *www.40cloud.com
<http://www.40cloud.com/>*
*40Cloud - Making Your Public Cloud Private*
On Tue, Jan 9, 2018 at 6:38 PM, Paul Wouters <paul at nohats.ca> wrote:
> On Tue, 9 Jan 2018, Amir Naftali wrote:
>
> During key renegotiation I see the following messages in the logs
>>
>> Jan 9 09:10:20 hostname pluto[7888]: "connection/6x6" #35475: the peer
>> proposed: 192.168.48.0/20:0/0 -> 100.16.2.200/32:0/0
>>
>> Jan 9 09:10:20 hostname pluto[7888]: "connection/4x5" #35476:
>> ENCAPSULATION_MODE_UDP_TUNNEL_DRAFTS must only be used with old IETF
>> drafts
>>
>> Jan 9 09:10:20 hostname pluto[7888]: "connection/4x5" #35476: sending
>> encrypted notification BAD_PROPOSAL_SYNTAX to X.X.X.X:4500
>>
>
> that seems to point to this commit:
>
> commit cae5af428a5182ed0f9d08e9979134703f1ce1b1
> Author: Paul Wouters <paul at xelerance.com>
> Date: Wed Jun 16 16:26:30 2010 -0400
>
> The encapsulation mode enum_names were broken, causing the rather
> strange message from spdb_v1_struct.c:
>
> ENCAPSULATION_MODE_UDP_TUNNEL must only be used with old IETF
> drafts
>
> (where we would expect ENCAPSULATION_MODE_UDP_TUNNEL_DRAFTS instead)
>
> Since nothing else used these enums, this was not seen before.
>
> That seems to suggest that's a 10 year old openswan and not libreswan?
>
> I surely cannot find anything that could produce that string in our
> code. Can you verify it is a reasonably modern libreswan?
>
> Paul
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20180131/7d5d049a/attachment.html>
More information about the Swan
mailing list