<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:????
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>Hi All:<div><br></div><div>/var/log/pluto.log writes:</div><div>=========================</div><div><p class="MsoNormal"><span style="color:#1F497D">| peer client is
fd6f:d30:1bb6:b419::1<o:p></o:p></span></p>

<p class="MsoNormal"><span style="color:#1F497D">| </span><span style="color:
red">peer client protocol/port is <span style="background:yellow;mso-highlight:
yellow">17/0</span></span><span style="color:#1F497D"><o:p></o:p></span></p>

<p class="MsoNormal"><span style="color:#1F497D">| our client is
fd1d:d30:1bb6:b419::1<o:p></o:p></span></p>

<p class="MsoNormal"><span style="color:#1F497D">| </span><span style="color:
red">our client protocol/port is <span style="background:yellow;mso-highlight:
yellow">17/0</span></span><span style="color:#1F497D"><o:p></o:p></span></p>

<p class="MsoNormal"><span style="color:#1F497D">"ip6.tun0" #113: </span><b>the
peer proposed</b><span style="color:#1F497D">: fd1d:d30:1bb6:b419::1/128:<span style="background-color: rgb(255, 0, 255);">0/0</span>
-> fd6f:d30:1bb6:b419::1/128:<span style="background-color: rgb(255, 0, 255);">0/0</span><o:p></o:p></span></p>

<p class="MsoNormal"><span style="color:#1F497D">| find_client_connection
starting with ip6.tun0<o:p></o:p></span></p>

<p class="MsoNormal"><span style="color:#1F497D">|   looking for
fd1d:d30:1bb6:b419::1/128:</span><span style="color: rgb(255, 0, 0); background-color: rgb(255, 255, 0);">17/0</span><span style="color:#1F497D"> -> fd6f:d30:1bb6:b419::1/128:<o:p></o:p></span><span style="color: rgb(255, 0, 0); font-size: 12pt; background-color: rgb(255, 255, 0);">17/0</span></p><p class="MsoNormal"><span style="color: rgb(255, 0, 0); font-size: 12pt; background-color: rgb(255, 255, 0);"><br></span></p><p class="MsoNormal">Because "<span style="color: rgb(31, 73, 125); font-size: 12pt; background-color: rgb(255, 0, 255);">0/0</span><span style="font-size: 12pt;">" is NOT "</span><span style="color: rgb(255, 0, 0); font-size: 12pt; background-color: rgb(255, 255, 0);">17/0</span><span style="font-size: 12pt;">", </span><span style="color: rgb(31, 73, 125); font-size: 12pt;">find_client_connection() return NULL. As a result, </span><span style="color: rgb(31, 73, 125); font-size: 12pt;">quick_inI1_outR1_authtail() fail "</span><font color="#1f497d">cannot respond to IPsec SA request because no connection is known for</font><span style="color: rgb(31, 73, 125); font-size: 12pt;">" && "</span><font color="#1f497d">sending encrypted notification INVALID_ID_INFORMATION to</font><span style="color: rgb(31, 73, 125); font-size: 12pt;">"</span></p><p class="MsoNormal"><br></p><p class="MsoNormal"><span style="color: rgb(255, 0, 0); font-size: 12pt; background-color: rgb(0, 255, 255);">Question:  how to set local protocol to 17 (UDP) instead of 0? </span></p><p class="MsoNormal"><span style="color: rgb(255, 0, 0); font-size: 12pt; background-color: rgb(255, 255, 0);"><br></span></p><p class="MsoNormal"><span style="color: rgb(255, 0, 0); font-size: 12pt; background-color: rgb(255, 255, 0);"><br></span></p><p class="MsoNormal"><span style="color: rgb(255, 0, 0); font-size: 12pt; background-color: rgb(255, 255, 0);"><br></span></p><p class="MsoNormal"><span style="color:#1F497D">Corresponding source code:<o:p></o:p></span></p><p class="MsoNormal"><span style="color:#1F497D">==================<o:p></o:p></span></p><p class="MsoNormal"><span style="color:#1F497D">quick_inI1_outR1_authtail()<o:p></o:p></span></p><p class="MsoNormal"><span style="color:#1F497D">{<o:p></o:p></span></p><p class="MsoNormal"><span style="color:#1F497D">……<o:p></o:p></span></p><p class="MsoNormal"><span style="color:#1F497D">                               
libreswan_log("the peer proposed: %s:%d/%d -> %s:%d/%d",<o:p></o:p></span></p><p class="MsoNormal"><span style="color:#1F497D">                                               
      s1, c-><span style="background:lime;
mso-highlight:lime">spd.this.protocol</span>,
c->spd.this.port,      </span><span style="font-family:Wingdings;color:#1F497D;background:red;mso-highlight:red">ç</span><span style="color:#1F497D;background:red;mso-highlight:red">==</span><span style="color:#1F497D"> “spd” is “struct spd_route” <o:p></o:p></span></p><p class="MsoNormal"><span style="color:#1F497D">                                               
      d1, c-><span style="background:lime;
mso-highlight:lime">spd.that.protocol</span>, c->spd.that.port);<o:p></o:p></span></p><p class="MsoNormal"><span style="color:#1F497D">……<o:p></o:p></span></p><p class="MsoNormal"><span style="color:#1F497D">}<o:p></o:p></span></p><p class="MsoNormal"><span style="color:#1F497D"> </span></p><p class="MsoNormal"><span style="color:#1F497D">quick_inI1_outR1_authtail()
calls find_client_connection()<o:p></o:p></span></p><p class="MsoNormal"><span style="color:#1F497D"> </span></p><p class="MsoNormal"><span style="color:#1F497D">find_client_connection()<o:p></o:p></span></p><p class="MsoNormal"><span style="color:#1F497D">{<o:p></o:p></span></p><p class="MsoNormal"><span style="color:#1F497D">….<o:p></o:p></span></p><p class="MsoNormal"><span style="color:#1F497D">                               
DBG_log("  looking for %s:%d/%d -> %s:%d/%d",<o:p></o:p></span></p><p class="MsoNormal"><span style="color:#1F497D">                                               
s1, <span style="background:yellow;mso-highlight:yellow">our_protocol</span>,
our_port,<o:p></o:p></span></p><p class="MsoNormal"><span style="color:#1F497D">                                               
d1, <span style="background:yellow;mso-highlight:yellow">peer_protocol</span>,
peer_port);<o:p></o:p></span></p><p class="MsoNormal"><span style="color:#1F497D">….<o:p></o:p></span></p><p class="MsoNormal"><span style="color:#1F497D">                                               
if (samesubnet(&sr->this.client, our_net) &&<o:p></o:p></span></p><p class="MsoNormal"><span style="color:#1F497D">                                                               
samesubnet(&sr->that.client, peer_net) &&<o:p></o:p></span></p><p class="MsoNormal"><span style="color:#1F497D">                                                               
</span><b><span style="background:aqua;mso-highlight:aqua">sr->this.protocol</span>
== our_protocol</b> <span style="color:#1F497D">&&    </span><span style="font-family:Wingdings;color:#1F497D;background:red;mso-highlight:red">ç</span><span style="color:#1F497D;background:red;mso-highlight:red">==</span><span style="color:#1F497D"> Does NOT match. “</span><b>sr</b><span style="color:
#1F497D">” is “struct spd_route”. As a result, failed. <o:p></o:p></span></p><p class="MsoNormal"><span style="color:#1F497D">                                                               
(!sr->this.port ||<o:p></o:p></span></p><p class="MsoNormal"><span style="color:#1F497D">                                                                               
sr->this.port == our_port) &&<o:p></o:p></span></p><p class="MsoNormal"><span style="color:#1F497D">                                                               
(sr->that.protocol == peer_protocol) &&<o:p></o:p></span></p><p class="MsoNormal"><span style="color:#1F497D">                                                               
(!sr->that.port ||<o:p></o:p></span></p><p class="MsoNormal"><span style="color:#1F497D">                                                                               
sr->that.port == peer_port)) {<o:p></o:p></span></p><p class="MsoNormal"><span style="color:#1F497D">                                                               
passert(oriented(*c));<o:p></o:p></span></p><p class="MsoNormal"><span style="color:#1F497D">                                                               
if (routed(sr->routing))<o:p></o:p></span></p><p class="MsoNormal"><span style="color:#1F497D">                                                                               
return c;    </span><span style="font-family:Wingdings;
color:#1F497D;background:red;mso-highlight:red">ç</span><span style="color:
#1F497D;background:red;mso-highlight:red"> ==</span><span style="color:#1F497D">
We expect return here, but ….<o:p></o:p></span></p><p class="MsoNormal"><span style="color:#1F497D"> </span></p><p class="MsoNormal"><span style="color:#1F497D">                                                               
unrouted = c;<o:p></o:p></span></p><p class="MsoNormal"><span style="color:#1F497D">                                               
}<o:p></o:p></span></p><p class="MsoNormal"><span style="color:#1F497D">….<o:p></o:p></span></p><p class="MsoNormal"><span style="color:#1F497D">}<o:p></o:p></span></p><p class="MsoNormal"><span style="color:#1F497D"> </span></p><p class="MsoNormal">









































































</p><p class="MsoNormal"><span style="color:#1F497D">“<span style="background:lime;
mso-highlight:lime">spd.this.protocol</span>” is same as “</span><b><span style="background:aqua;mso-highlight:aqua">sr->this.protocol</span></b><span style="color:#1F497D">”<o:p></o:p></span></p><p class="MsoNormal"><span style="color:#1F497D"><br></span></p><p class="MsoNormal"><span style="color:#1F497D"><br></span></p><p class="MsoNormal"><span style="color:#1F497D"><br></span></p><p class="MsoNormal"><br></p></div>                                          </div></body>
</html>