[Swan] Regression in IPv4 Connectivity from Windows 10 Client
Mirsad Goran Todorovac
mirsad.todorovac at alu.unizg.hr
Tue Nov 1 06:34:22 EET 2022
Yes, this fixed this issue. :)
Now the Win 10 client connected:
Thanks.
Now only to make IPv6-over-IPv6 connection work.
However, restoring IPv4 VPN regression after upgrade to IPv6 will
suffice. IPv6 VPN would be a nice
thing to have, especially dual-stack, IMHO but any VPN is better than
broken VPN (as a quantum difference).
Kind regards,
Mirsad
On 11/1/2022 3:45 AM, Andrew Cagney wrote:
> Thanks. Here's the only bit of the log that's needed:
> Nov 1 03:11:55.547595: | ***parse IKEv2 Configuration Payload Attribute:
> Nov 1 03:11:55.547626: | Attribute Type: IKEv2_INTERNAL_IP4_ADDRESS (0x1)
> Nov 1 03:11:55.547653: | length/value: 0 (00 00)
> Nov 1 03:11:55.547687: | connection both thinks it has, and really has a lease
> Nov 1 03:11:55.547754: | ***parse IKEv2 Configuration Payload Attribute:
> Nov 1 03:11:55.547780: | Attribute Type: IKEv2_INTERNAL_IP4_DNS (0x3)
> Nov 1 03:11:55.547808: | length/value: 0 (00 00)
> Nov 1 03:11:55.547835: | ignoring attribute IKEv2_INTERNAL_IP4_DNS length 0
> Nov 1 03:11:55.547859: | ***parse IKEv2 Configuration Payload Attribute:
> Nov 1 03:11:55.547885: | Attribute Type: IKEv2_INTERNAL_IP4_NBNS (0x4)
> Nov 1 03:11:55.547913: | length/value: 0 (00 00)
> Nov 1 03:11:55.547940: | ignoring attribute IKEv2_INTERNAL_IP4_NBNS length 0
> Nov 1 03:11:55.547982: "MYCONN-ikev2-cp"[2] 188.252.197.105 #4: ERROR: malformed CP attributeAttribute Type of IKEv2 Configuration Payload Attribute has an unknown value: 23456 (0x5ba0)
> Nov 1 03:11:55.548011: | should_send_delete: #4? no, IKEv2 SA in state STATE_V2_IKE_AUTH_CHILD_R0 is not established
> Try 2cc01a03a8c4bcfcb7c808f233756e96bdb6cfbe
>
> On Mon, 31 Oct 2022 at 22:16, Mirsad Goran Todorovac
> <mirsad.todorovac at alu.unizg.hr> wrote:
>
> Thanks you, Sir!
>
> Actually, the connection was never established.
>
> The error mesg in Win 10 is:
>
> The "first bad commit" session log is here:
> https://magrf.grf.hr/~mtodorov/tmp/ikev2-ipv4-20221101-01.log
>
> Kind regards,
> Mirsad
>
> On 10/31/2022 8:45 PM, Andrew Cagney wrote:
>> Nice work.
>>
>> > I have noticed today (after having figured out how to connect
>> IPv4-only from Windows 10) that I lose connectivity
>> with github libreswan, while I still had it with libreswan-4.9
>> from tarball.
>>
>> When you say "lose" connectivity, do you mean it never connects
>> or dies after a short while?
>>
>> https://github.com/libreswan/libreswan/commit/bc47dcf87733484f5701b02212c3015a711ca1a9
>> added code to check the content of the CP payload so, presumably,
>> microsoft is sending something pluto didn't expect.
>>
>> Was there an error related to CP in the logs? And if possible try
>> a test run with debug=all enabled so that the CP payloads are
>> captured and put that in a bug.
>>
>>
>>
>>
>> On Mon, 31 Oct 2022 at 15:07, Mirsad Goran Todorovac
>> <mirsad.todorovac at alu.unizg.hr> wrote:
>>
>> Hi all,
>>
>> I have noticed today (after having figured out how to connect
>> IPv4-only from Windows 10) that I lose connectivity
>> with github libreswan, while I still had it with
>> libreswan-4.9 from tarball.
>>
>> I felt inspired and bisect gave this (at this commit I lost
>> IPv4 Win 10 connectivity):
>>
>> git bisect good e75c5ce30d7b6e5311dd05a4d0512a5f61add78f
>> # bad: [4e1ceb32c64b8b077c41c538e39c5b6252b826b6]
>> connections: pass struct connection_end into extract_end()
>> git bisect bad 4e1ceb32c64b8b077c41c538e39c5b6252b826b6
>> # bad: [bc47dcf87733484f5701b02212c3015a711ca1a9] ikev2:
>> during IKE_AUTH parse IKEv2 CP requests
>> git bisect bad bc47dcf87733484f5701b02212c3015a711ca1a9
>> # good: [823443d6c796340128720a295c99f7eacae09d67]
>> connections: (more) use ...->host->config rather than
>> ...->config->host
>> git bisect good 823443d6c796340128720a295c99f7eacae09d67
>> # first bad commit:
>> [bc47dcf87733484f5701b02212c3015a711ca1a9] ikev2: during
>> IKE_AUTH parse IKEv2 CP requests
>> root at magrf:~/libreswan#
>>
>> Windows specs:
>>
>>
>> VPN server is on Debian 11 Bullseye and stock kernel, on a
>> rather old development can.
>>
>> Hope this helps.
>>
>> Kind regards,
>> Mirsad
>>
>> --
>> Mirsad Todorovac
>> Sistem inženjer
>> Grafički fakultet | Akademija likovnih umjetnosti
>> Sveučilište u Zagrebu
>> --
>> System engineer
>> Faculty of Graphic Arts | Academy of Fine Arts
>> University of Zagreb, Republic of Croatia
>> tel. +385 (0)1 3711 451
>> mob. +385 91 57 88 355
>>
> --
> Mirsad Todorovac
> Sistem inženjer
> Grafički fakultet | Akademija likovnih umjetnosti
> Sveučilište u Zagrebu
> --
> System engineer
> Faculty of Graphic Arts | Academy of Fine Arts
> University of Zagreb, Republic of Croatia
> tel. +385 (0)1 3711 451
> mob. +385 91 57 88 355
>
--
Mirsad Todorovac
Sistem inženjer
Grafički fakultet | Akademija likovnih umjetnosti
Sveučilište u Zagrebu
--
System engineer
Faculty of Graphic Arts | Academy of Fine Arts
University of Zagreb, Republic of Croatia
tel. +385 (0)1 3711 451
mob. +385 91 57 88 355
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20221101/ddce9a3d/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: DVUNqny2GLThMAqo.png
Type: image/png
Size: 16206 bytes
Desc: not available
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20221101/ddce9a3d/attachment-0003.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: nhVxWcIM3S9rH3Uo.png
Type: image/png
Size: 30019 bytes
Desc: not available
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20221101/ddce9a3d/attachment-0004.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 49fDqolg9vDJFfCd.png
Type: image/png
Size: 8132 bytes
Desc: not available
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20221101/ddce9a3d/attachment-0005.png>
More information about the Swan
mailing list