[Swan] VPN IKEv2 client reporting syntax errors in libexec/ipsec/_updown.xfrm

Tuomo Soini tis at foobar.fi
Wed Nov 1 22:44:39 EET 2023


On Wed, 1 Nov 2023 19:11:03 +0100
Mirsad Todorovac <mirsad.todorovac at alu.unizg.hr> wrote:

> Hi,
> 
> This diff seems to fix the syntax error issue:
> git blame gives commit 32c87516189f6 and 32c87516189f6 as the cause
> of the problem.

Thank you, that bashism has now been fixed.

> About the
> 
> up-client output: /usr/local/libexec/ipsec/_updown.xfrm: 432: cannot create /etc/resolv.conf: Permission denied
> 
> I don't have a clue.
> 
> Now I get a different output:
> 
> $ sudo ipsec up grf
> 181 "grf"[1] 161.53.83.3 #1: initiating IKEv2 connection
> 181 "grf"[1] 161.53.83.3 #1: sent IKE_SA_INIT request to 161.53.83.3:500
> 182 "grf"[1] 161.53.83.3 #1: sent IKE_AUTH request {cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048}
> 003 "grf"[1] 161.53.83.3 #1: initiator established IKE SA; authenticated peer '4096-bit RSASSA-PSS with SHA2_512' digital signature using peer certificate '@magrf-ipv4.grf.hr' issued by CA 'CN=GRF-UNIZG CA, O=GRF-UNIZG'
> 002 "grf"[1] 161.53.83.3 #2: received INTERNAL_IP4_ADDRESS 192.168.100.10
> 002 "grf"[1] 161.53.83.3 #2: received INTERNAL_IP4_DNS 10.0.0.101
> 002 "grf"[1] 161.53.83.3 #2: received INTERNAL_IP4_DNS 1.0.0.1
> 002 "grf"[1] 161.53.83.3 #2: up-client output: updating resolvconf
> 002 "grf"[1] 161.53.83.3 #2: up-client output: /usr/local/libexec/ipsec/_updown.xfrm: 432: cannot create /etc/resolv.conf: Permission denied
> 004 "grf"[1] 161.53.83.3 #2: initiator established Child SA using #1; IPsec tunnel [192.168.100.10-192.168.100.10:0-65535 0] -> [0.0.0.0-255.255.255.255:0-65535 0] {ESPinUDP/ESN=>0x4ef1e1f7 <0x36c8942c xfrm=AES_GCM_16_256-NONE NATD=161.53.83.3:4500 DPD=passive}
> $

Pluto only works if it can manipulate /etc/resolv.conf. That is: we
don't have any support for systemd-resolved. No systemd-resolved user
has provided patches to add support.

-- 
Tuomo Soini <tis at foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <https://foobar.fi/>

