[Swan] Lost IKEv1 connectivity after libreswan upgrade

Mirsad Goran Todorovac mirsad.todorovac at alu.hr
Wed Nov 24 17:26:50 EET 2021


Dear Mr. Wouters,

I was unsuccessful in trying to produce a VPN Client log.

c:\ netsh trace start VpnClient per=yes maxsize=0 filemode=single

produced a C:\Users\mtodo\AppData\Local\Temp\NetTraces\NetTrace.etl log that requires PerfView and it is all Greek to me.

C:\Windows\tracing\rasman.log is empty (size 0).

Any idea? I'm on a Windows 10 Professional box.

Kind regards,
Mirsad Todorovac

On 11/24/2021 3:30 PM, Paul Wouters wrote:
> On Wed, 24 Nov 2021, Mirsad Goran Todorovac wrote:
>
>> Subject: Re: [Swan] Lost IKEv1 connectivity after libreswan upgrade
>
>> It seems that IPSEC is established, and a transport connection:
>>
>> Nov 24 15:16:18.322599: | pstats #14 ikev1.ipsec established
>> Nov 24 15:16:18.322609: | NAT-T: encaps is 'auto'
>> Nov 24 15:16:18.322617: "L2TP-PSK-noNAT"[7] 193.198.186.218 #14: 
>> STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0xbd9d07f4 
>> <0x935a0ca5 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD
>
> On the server side at least. But the last packet sent by the server
> still has to be accepted by the client.
>
>> but then, after receiving first encrypted packet, pluto spuriously 
>> decides to delete, "down" the connection and "unroute" it:
>>
>> Nov 24 15:16:53.359857: | State DB: found IKEv1 state #13 in MAIN_R3 
>> (find_v1_info_state)
>
> R3 is not yet fully established.
>
>> Nov 24 15:16:53.360046: | ***parse ISAKMP Hash Payload:
>> Nov 24 15:16:53.360056: |    next payload type: ISAKMP_NEXT_D (0xc)
>
> This is a Delete request. The client is unhappy with something and
> deleting the connection. If this is due to an upgrade, it could be the
> new defaults for our algorithms aren't matching the old defaults?
> Although we haven't changed IKEv1 defaults in a very long time.
>
>> I seem to be stuck here, I don't know how to debug connection.
>
> The client should have a log message about why it decided to hang up?
>
> Paul

-- 
Mirsad Goran Todorovac
CARNet sistem inženjer
Grafički fakultet | Akademija likovnih umjetnosti
Sveučilište u Zagrebu
--
CARNet system engineer
Faculty of Graphic Arts | Academy of Fine Arts
University of Zagreb, Republic of Croatia
tel. +385 (0)1 3711 451
mob. +385 91 57 88 355
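
The pattern discussed in this thread (an "IPsec SA established" line followed shortly by an inbound Informational exchange carrying a Delete payload, `ISAKMP_NEXT_D`) can be located mechanically in a pluto debug log. The Python script below is an added example, not part of the original messages and not libreswan code; the function names, the 120-second window and the assumed year are illustrative choices, and the sample lines are joined from the excerpts quoted above.

```python
import re
from datetime import datetime

# Sample lines joined from the excerpts quoted in this thread (mail line wraps
# undone, the truncated "{ESP=>..." tail left out).
SAMPLE_LOG = """\
Nov 24 15:16:18.322599: | pstats #14 ikev1.ipsec established
Nov 24 15:16:18.322609: | NAT-T: encaps is 'auto'
Nov 24 15:16:18.322617: "L2TP-PSK-noNAT"[7] 193.198.186.218 #14: STATE_QUICK_R2: IPsec SA established transport mode
Nov 24 15:16:53.359857: | State DB: found IKEv1 state #13 in MAIN_R3 (find_v1_info_state)
Nov 24 15:16:53.360046: | ***parse ISAKMP Hash Payload:
Nov 24 15:16:53.360056: |    next payload type: ISAKMP_NEXT_D (0xc)
"""

LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d\.\d+): (.*)$")
ESTABLISHED = re.compile(r'^"([^"]+)"\S* (\S+) #(\d+): .*IPsec SA established')
INFO_STATE = re.compile(r"found IKEv1 state #(\d+) in (\w+) \(find_v1_info_state\)")

def parse_ts(text, year=2021):
    # pluto timestamps carry no year; 2021 (the date of the thread) is assumed.
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S.%f")

def peer_deletes(log, window=120.0):
    """Return one record per inbound Delete seen within `window` seconds
    after an 'IPsec SA established' line."""
    established = None   # last (time, conn, peer, ipsec state)
    info_state = None    # ISAKMP state the current Informational matched
    findings = []
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, msg = parse_ts(m.group(1)), m.group(2)
        if (e := ESTABLISHED.match(msg)):
            established = (ts, e.group(1), e.group(2), int(e.group(3)))
        elif (s := INFO_STATE.search(msg)):
            info_state = (int(s.group(1)), s.group(2))
        elif "next payload type: ISAKMP_NEXT_D" in msg and established:
            gap = (ts - established[0]).total_seconds()
            if 0 <= gap <= window:
                findings.append({"conn": established[1], "peer": established[2],
                                 "ipsec_state": established[3],
                                 "isakmp_state": info_state,
                                 "seconds_after_established": round(gap, 3)})
    return findings

if __name__ == "__main__":
    for f in peer_deletes(SAMPLE_LOG):
        print(f)
```

On the sample it reports a Delete arriving about 35 seconds after state #14 was established, matched against ISAKMP state #13 while that state was still in MAIN_R3.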