<div dir="ltr">Just saw it again. We're running libreswan 3.16 on Ubuntu and we get the following message:<div>#484: ENCAPSULATION_MODE_UDP_TUNNEL_DRAFTS must only be used with old IETF drafts</div><div>#484: sending encrypted notification BAD_PROPOSAL_SYNTAX to X.X.X.X:4500 </div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><p style="margin:0cm 0cm 0.0001pt;font-size:12.8px;font-family:Calibri;color:rgb(136,136,136)"><b><span style="font-size:10.5pt;color:rgb(255,99,0)">Amir Naftali</span></b><span style="font-size:10.5pt;color:rgb(89,89,89)">|</span><span style="font-size:10.5pt;color:gray"> </span><b><span style="font-size:10.5pt;color:rgb(89,89,89)">CTO 40Cloud</span></b><span style="font-size:10.5pt;color:rgb(89,89,89)">|</span><b><span style="font-size:10.5pt;color:rgb(127,127,127)"> </span></b><b><span style="font-size:10.5pt;color:rgb(255,99,0)">FireMon</span></b><b><span style="font-size:10.5pt;color:rgb(0,130,192)"></span></b></p><p style="margin:0cm 0cm 0.0001pt;font-size:12.8px;font-family:Calibri;color:rgb(136,136,136)"><span style="font-size:10.5pt;color:rgb(255,99,0)">D:</span><span style="font-size:10.5pt;color:rgb(89,89,89)"> </span><span style="font-size:10.5pt;color:rgb(127,127,127)">+972.73.3905722</span><span style="font-size:10.5pt;color:rgb(89,89,89)">| </span><span style="font-size:10.5pt;color:rgb(255,99,0)">C:</span><b><span style="font-size:10.5pt;color:rgb(237,125,49)"> </span></b><span style="font-size:10.5pt;color:rgb(127,127,127)">+972.54.4972622</span><span style="font-size:10.5pt;color:rgb(89,89,89)"></span></p><p style="margin:0cm 0cm 0.0001pt;font-size:12.8px;font-family:Calibri;color:rgb(136,136,136)"><span style="font-size:10.5pt"><a href="mailto:amir.naftali@firemon.com" style="color:rgb(149,79,114)" target="_blank">amir@</a><a href="http://fortycloud.com" target="_blank">fortycloud.com</a></span><span style="color:rgb(127,127,127)"> 
</span><span style="color:rgb(89,89,89)">|</span><span style="color:rgb(127,127,127)"> </span><b style="color:rgb(89,89,89);font-size:14px"><i><a href="http://www.40cloud.com/" style="color:rgb(149,79,114);font-style:normal" target="_blank">www.40cloud.com</a></i></b></p><span style="font-size:12.8px"></span><p style="margin:0cm 0cm 0.0001pt;font-size:12.8px;font-family:Calibri;color:rgb(136,136,136)"><b style="font-size:11pt"><i><span style="font-size:10.5pt;color:rgb(89,89,89)"><br></span></i></b></p><p style="margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri"><font color="#595959"><span style="font-size:14px"><b><i>40Cloud - Making Your Public Cloud Private</i></b></span></font></p></div></div></div>
<br><div class="gmail_quote">On Tue, Jan 9, 2018 at 6:38 PM, Paul Wouters <span dir="ltr">&lt;<a href="mailto:paul@nohats.ca" target="_blank">paul@nohats.ca</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On Tue, 9 Jan 2018, Amir Naftali wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
During key renegotiation I see the following messages in the logs<br>
<br>
Jan  9 09:10:20 hostname pluto[7888]: "connection/6x6" #35475: the peer proposed: 192.168.48.0/20:0/0 -&gt; 100.16.2.200/32:0/0<br>
<br>
Jan  9 09:10:20 hostname pluto[7888]: "connection/4x5" #35476: ENCAPSULATION_MODE_UDP_TUNNEL_DRAFTS must only be used with old IETF drafts<br>
<br>
Jan 9 09:10:20 hostname pluto[7888]: "connection/4x5" #35476: sending encrypted notification BAD_PROPOSAL_SYNTAX to X.X.X.X:4500 <br>
</blockquote>
<br></span>
that seems to point to this commit:<br>
<br>
commit cae5af428a5182ed0f9d08e9979134703f1ce1b1<br>
Author: Paul Wouters &lt;<a href="mailto:paul@xelerance.com" target="_blank">paul@xelerance.com</a>&gt;<br>
Date:   Wed Jun 16 16:26:30 2010 -0400<br>
<br>
    The encapsulation mode enum_names were broken, causing the rather<br>
    strange message from spdb_v1_struct.c:<br>
<br>
        ENCAPSULATION_MODE_UDP_TUNNEL must only be used with old IETF drafts<br>
<br>
    (where we would expect ENCAPSULATION_MODE_UDP_TUNNEL_DRAFTS instead)<br>
<br>
    Since nothing else used these enums, this was not seen before.<br>
<br>
That seems to suggest that's a 10 year old openswan and not libreswan?<br>
<br>
I surely cannot find anything that could produce that string in our<br>
code. Can you verify it is a reasonably modern libreswan?<span class="HOEnZb"><font color="#888888"><br>
<br>
Paul<br>
</font></span></blockquote></div><br></div>