[Swan] Regression in IPv4 Connectivity from Windows 10 Client

Mirsad Goran Todorovac mirsad.todorovac at alu.unizg.hr
Tue Nov 1 06:34:22 EET 2022


Yes, this fixed this issue. :)
Now the Win 10 client connected:

Thanks.

Now only to make IPv6-over-IPv6 connection work.

However, restoring IPv4 VPN regression after upgrade to IPv6 will 
suffice. IPv6 VPN would be a nice
thing to have, especially dual-stack, IMHO but any VPN is better than 
broken VPN (as a quantum difference).

Kind regards,
Mirsad

On 11/1/2022 3:45 AM, Andrew Cagney wrote:
> Thanks.  Here's the only bit of the log that's needed:
> Nov  1 03:11:55.547595: | ***parse IKEv2 Configuration Payload Attribute:
> Nov  1 03:11:55.547626: |    Attribute Type: IKEv2_INTERNAL_IP4_ADDRESS (0x1)
> Nov  1 03:11:55.547653: |    length/value: 0 (00 00)
> Nov  1 03:11:55.547687: | connection both thinks it has, and really has a lease
> Nov  1 03:11:55.547754: | ***parse IKEv2 Configuration Payload Attribute:
> Nov  1 03:11:55.547780: |    Attribute Type: IKEv2_INTERNAL_IP4_DNS (0x3)
> Nov  1 03:11:55.547808: |    length/value: 0 (00 00)
> Nov  1 03:11:55.547835: | ignoring attribute IKEv2_INTERNAL_IP4_DNS length 0
> Nov  1 03:11:55.547859: | ***parse IKEv2 Configuration Payload Attribute:
> Nov  1 03:11:55.547885: |    Attribute Type: IKEv2_INTERNAL_IP4_NBNS (0x4)
> Nov  1 03:11:55.547913: |    length/value: 0 (00 00)
> Nov  1 03:11:55.547940: | ignoring attribute IKEv2_INTERNAL_IP4_NBNS length 0
> Nov  1 03:11:55.547982: "MYCONN-ikev2-cp"[2] 188.252.197.105 #4: ERROR: malformed CP attributeAttribute Type of IKEv2 Configuration Payload Attribute has an unknown value: 23456 (0x5ba0)
> Nov  1 03:11:55.548011: | should_send_delete: #4? no, IKEv2 SA in state STATE_V2_IKE_AUTH_CHILD_R0 is not established
> Try 2cc01a03a8c4bcfcb7c808f233756e96bdb6cfbe
>
> On Mon, 31 Oct 2022 at 22:16, Mirsad Goran Todorovac 
> <mirsad.todorovac at alu.unizg.hr> wrote:
>
>     Thanks you, Sir!
>
>     Actually, the connection was never established.
>
>     The error mesg in Win 10 is:
>
>     The "first bad commit" session log is here:
>     https://magrf.grf.hr/~mtodorov/tmp/ikev2-ipv4-20221101-01.log
>
>     Kind regards,
>     Mirsad
>
>     On 10/31/2022 8:45 PM, Andrew Cagney wrote:
>>     Nice work.
>>
>>     > I have noticed today (after having figured out how to connect
>>     IPv4-only from Windows 10) that I lose connectivity
>>     with github libreswan, while I still had it with libreswan-4.9
>>     from tarball.
>>
>>     When you say "lose" connectivity, do you mean it never connects
>>     or dies after a short while?
>>
>>     https://github.com/libreswan/libreswan/commit/bc47dcf87733484f5701b02212c3015a711ca1a9
>>     added code to check the content of the CP payload so, presumably,
>>     microsoft is sending something pluto didn't expect.
>>
>>     Was there an error related to CP in the logs? And if possible try
>>     a test run with debug=all enabled so that the CP payloads are
>>     captured and put that in a bug.
>>
>>
>>
>>
>>     On Mon, 31 Oct 2022 at 15:07, Mirsad Goran Todorovac
>>     <mirsad.todorovac at alu.unizg.hr> wrote:
>>
>>         Hi all,
>>
>>         I have noticed today (after having figured out how to connect
>>         IPv4-only from Windows 10) that I lose connectivity
>>         with github libreswan, while I still had it with
>>         libreswan-4.9 from tarball.
>>
>>         I felt inspired and bisect gave this (at this commit I lost
>>         IPv4 Win 10 connectivity):
>>
>>         git bisect good e75c5ce30d7b6e5311dd05a4d0512a5f61add78f
>>         # bad: [4e1ceb32c64b8b077c41c538e39c5b6252b826b6]
>>         connections: pass struct connection_end into extract_end()
>>         git bisect bad 4e1ceb32c64b8b077c41c538e39c5b6252b826b6
>>         # bad: [bc47dcf87733484f5701b02212c3015a711ca1a9] ikev2:
>>         during IKE_AUTH parse IKEv2 CP requests
>>         git bisect bad bc47dcf87733484f5701b02212c3015a711ca1a9
>>         # good: [823443d6c796340128720a295c99f7eacae09d67]
>>         connections: (more) use ...->host->config rather than
>>         ...->config->host
>>         git bisect good 823443d6c796340128720a295c99f7eacae09d67
>>         # first bad commit:
>>         [bc47dcf87733484f5701b02212c3015a711ca1a9] ikev2: during
>>         IKE_AUTH parse IKEv2 CP requests
>>         root at magrf:~/libreswan#
>>
>>         Windows specs:
>>
>>
>>         VPN server is on Debian 11 Bullseye and stock kernel, on a
>>         rather old development can.
>>
>>         Hope this helps.
>>
>>         Kind regards,
>>         Mirsad
>>
>>         --
>>         Mirsad Todorovac
>>         Sistem inženjer
>>         Grafički fakultet | Akademija likovnih umjetnosti
>>         Sveučilište u Zagrebu
>>         -- 
>>         System engineer
>>         Faculty of Graphic Arts | Academy of Fine Arts
>>         University of Zagreb, Republic of Croatia
>>         tel. +385 (0)1 3711 451
>>         mob. +385 91 57 88 355
>>
>     --
>     Mirsad Todorovac
>     Sistem inženjer
>     Grafički fakultet | Akademija likovnih umjetnosti
>     Sveučilište u Zagrebu
>     -- 
>     System engineer
>     Faculty of Graphic Arts | Academy of Fine Arts
>     University of Zagreb, Republic of Croatia
>     tel. +385 (0)1 3711 451
>     mob. +385 91 57 88 355
>
--
Mirsad Todorovac
Sistem inženjer
Grafički fakultet | Akademija likovnih umjetnosti
Sveučilište u Zagrebu
-- 
System engineer
Faculty of Graphic Arts | Academy of Fine Arts
University of Zagreb, Republic of Croatia
tel. +385 (0)1 3711 451
mob. +385 91 57 88 355
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20221101/ddce9a3d/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: DVUNqny2GLThMAqo.png
Type: image/png
Size: 16206 bytes
Desc: not available
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20221101/ddce9a3d/attachment-0003.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: nhVxWcIM3S9rH3Uo.png
Type: image/png
Size: 30019 bytes
Desc: not available
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20221101/ddce9a3d/attachment-0004.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 49fDqolg9vDJFfCd.png
Type: image/png
Size: 8132 bytes
Desc: not available
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20221101/ddce9a3d/attachment-0005.png>


More information about the Swan mailing list