[Swan] Regression in IPv4 Connectivity from Windows 10 Client

Andrew Cagney cagney at gnu.org
Tue Nov 1 04:45:12 EET 2022 

Thanks.  Here's the only bit of the log that's needed:

Nov  1 03:11:55.547595: | ***parse IKEv2 Configuration Payload Attribute:
Nov  1 03:11:55.547626: |    Attribute Type: IKEv2_INTERNAL_IP4_ADDRESS (0x1)
Nov  1 03:11:55.547653: |    length/value: 0 (00 00)
Nov  1 03:11:55.547687: | connection both thinks it has, and really has a lease
Nov  1 03:11:55.547754: | ***parse IKEv2 Configuration Payload Attribute:
Nov  1 03:11:55.547780: |    Attribute Type: IKEv2_INTERNAL_IP4_DNS (0x3)
Nov  1 03:11:55.547808: |    length/value: 0 (00 00)
Nov  1 03:11:55.547835: | ignoring attribute IKEv2_INTERNAL_IP4_DNS length 0
Nov  1 03:11:55.547859: | ***parse IKEv2 Configuration Payload Attribute:
Nov  1 03:11:55.547885: |    Attribute Type: IKEv2_INTERNAL_IP4_NBNS (0x4)
Nov  1 03:11:55.547913: |    length/value: 0 (00 00)
Nov  1 03:11:55.547940: | ignoring attribute IKEv2_INTERNAL_IP4_NBNS length 0
Nov  1 03:11:55.547982: "MYCONN-ikev2-cp"[2] 188.252.197.105 #4:
ERROR: malformed CP attributeAttribute Type of IKEv2 Configuration
Payload Attribute has an unknown value: 23456 (0x5ba0)
Nov  1 03:11:55.548011: | should_send_delete: #4? no, IKEv2 SA in
state STATE_V2_IKE_AUTH_CHILD_R0 is not established

Try 2cc01a03a8c4bcfcb7c808f233756e96bdb6cfbe



On Mon, 31 Oct 2022 at 22:16, Mirsad Goran Todorovac <
mirsad.todorovac at alu.unizg.hr> wrote:

> Thanks you, Sir!
>
> Actually, the connection was never established.
>
> The error mesg in Win 10 is:
>
> The "first bad commit" session log is here:
> https://magrf.grf.hr/~mtodorov/tmp/ikev2-ipv4-20221101-01.log
>
> Kind regards,
> Mirsad
> On 10/31/2022 8:45 PM, Andrew Cagney wrote:
>
> Nice work.
>
> > I have noticed today (after having figured out how to connect IPv4-only
> from Windows 10) that I lose connectivity
> with github libreswan, while I still had it with libreswan-4.9 from
> tarball.
>
> When you say "lose" connectivity, do you mean it never connects or dies
> after a short while?
>
>
> https://github.com/libreswan/libreswan/commit/bc47dcf87733484f5701b02212c3015a711ca1a9
> added code to check the content of the CP payload so, presumably, microsoft
> is sending something pluto didn't expect.
>
> Was there an error related to CP in the logs? And if possible try a test
> run with debug=all enabled so that the CP payloads are captured and put
> that in a bug.
>
>
>
>
> On Mon, 31 Oct 2022 at 15:07, Mirsad Goran Todorovac <
> mirsad.todorovac at alu.unizg.hr> wrote:
>
>> Hi all,
>>
>> I have noticed today (after having figured out how to connect IPv4-only
>> from Windows 10) that I lose connectivity
>> with github libreswan, while I still had it with libreswan-4.9 from
>> tarball.
>>
>> I felt inspired and bisect gave this (at this commit I lost IPv4 Win 10
>> connectivity):
>>
>> git bisect good e75c5ce30d7b6e5311dd05a4d0512a5f61add78f
>> # bad: [4e1ceb32c64b8b077c41c538e39c5b6252b826b6] connections: pass
>> struct connection_end into extract_end()
>> git bisect bad 4e1ceb32c64b8b077c41c538e39c5b6252b826b6
>> # bad: [bc47dcf87733484f5701b02212c3015a711ca1a9] ikev2: during IKE_AUTH
>> parse IKEv2 CP requests
>> git bisect bad bc47dcf87733484f5701b02212c3015a711ca1a9
>> # good: [823443d6c796340128720a295c99f7eacae09d67] connections: (more)
>> use ...->host->config rather than ...->config->host
>> git bisect good 823443d6c796340128720a295c99f7eacae09d67
>> # first bad commit: [bc47dcf87733484f5701b02212c3015a711ca1a9] ikev2:
>> during IKE_AUTH parse IKEv2 CP requests
>> root at magrf:~/libreswan#
>>
>> Windows specs:
>>
>>
>> VPN server is on Debian 11 Bullseye and stock kernel, on a rather old
>> development can.
>>
>> Hope this helps.
>>
>> Kind regards,
>> Mirsad
>>
>> --
>> Mirsad Todorovac
>> Sistem inženjer
>> Grafički fakultet | Akademija likovnih umjetnosti
>> Sveučilište u Zagrebu
>> --
>> System engineer
>> Faculty of Graphic Arts | Academy of Fine Arts
>> University of Zagreb, Republic of Croatia
>> tel. +385 (0)1 3711 451
>> mob. +385 91 57 88 355
>>
>> --
> Mirsad Todorovac
> Sistem inženjer
> Grafički fakultet | Akademija likovnih umjetnosti
> Sveučilište u Zagrebu
> --
> System engineer
> Faculty of Graphic Arts | Academy of Fine Arts
> University of Zagreb, Republic of Croatia
> tel. +385 (0)1 3711 451
> mob. +385 91 57 88 355
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20221031/ef5d27cd/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: nhVxWcIM3S9rH3Uo.png
Type: image/png
Size: 30019 bytes
Desc: not available
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20221031/ef5d27cd/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 49fDqolg9vDJFfCd.png
Type: image/png
Size: 8132 bytes
Desc: not available
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20221031/ef5d27cd/attachment-0003.png>

More information about the Swan mailing list