<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto">We will release 4.9 to address this regression in the next day or so<br><br><div dir="ltr">Sent using a virtual keyboard on a phone</div><div dir="ltr"><br><blockquote type="cite">On Oct 13, 2022, at 10:29, António Silva <asilva@wirelessmundi.com> wrote:<br><br></blockquote></div><blockquote type="cite"><div dir="ltr"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><div dir="auto" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div class=""><br class=""></div><div class="">Hi,</div><div class=""><br class=""></div><div class="">I just update libreswan from version 4.7 to 4.8, but with the newest version I can’t establish a connection whit current configuration, it exit with status 134.</div><div class="">Just revert to version 4.7 and everything working ok.</div><div class=""><br class=""></div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">The log when trying to connect:</div><div class=""><br class=""></div><div class=""><div class="">Oct 13 15:44:04 sol pluto[3555]: "tunnel8"[1] 16.138.17.119 #1: responding to Main Mode from unknown peer 16.138.17.119:500</div><div class="">Oct 13 15:44:04 sol pluto[3555]: "tunnel8"[1] 16.138.17.119 #1: sent Main Mode R1</div><div class="">Oct 13 15:44:04 sol pluto[3555]: "tunnel8"[1] 16.138.17.119 #1: sent Main Mode R2</div><div class="">Oct 13 15:44:04 sol pluto[3555]: "tunnel8"[1] 16.138.17.119 #1: Peer ID is ID_IPV4_ADDR: '192.168.1.60'</div><div class="">Oct 13 15:44:04 sol pluto[3555]: "tunnel8"[1] 16.138.17.119 #1: switched to "tunnel8"[2] 16.138.17.119</div><div class="">Oct 13 15:44:04 sol pluto[3555]: "tunnel8"[1] 16.138.17.119: deleting connection instance with peer 16.138.17.119 {isakmp=#0/ipsec=#0}</div><div class="">Oct 13 15:44:04 sol pluto[3555]: "tunnel8"[2] 16.138.17.119 #1: IKE SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}</div><div class="">Oct 13 15:44:04 sol pluto[3555]: "tunnel8"[2] 16.138.17.119 #1: XAUTH: Sending Username/Password request (MAIN_R3->XAUTH_R0)</div><div class="">Oct 13 15:44:04 sol pluto[3555]: "tunnel8"[2] 16.138.17.119 #1: XAUTH: password file authentication method requested to authenticate user '<a href="mailto:asilvapt@mad.lab" class="">asilvapt@mad.lab</a>'</div><div class="">Oct 13 15:44:04 sol pluto[3555]: "tunnel8"[2] 16.138.17.119 #1: XAUTH: password file (/etc/ipsec.d/passwd) open.</div><div class="">Oct 13 15:44:04 sol pluto[3555]: "tunnel8"[2] 16.138.17.119 #1: XAUTH: success user(<a href="mailto:asilvapt@mad.lab" class="">asilvapt@mad.lab</a>:(null))</div><div class="">Oct 13 15:44:04 sol pluto[3555]: "tunnel8"[2] 16.138.17.119 #1: XAUTH: User <a href="mailto:asilvapt@mad.lab" class="">asilvapt@mad.lab</a>: Authentication Successful</div><div class="">Oct 13 15:44:04 sol pluto[3555]: "tunnel8"[2] 16.138.17.119 #1: XAUTH: xauth_inR1(STF_OK)</div><div class="">Oct 13 15:44:04 sol pluto[3555]: "tunnel8"[2] 16.138.17.119 #1: IKE SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}</div><div class=""><br class=""></div><div class="">Oct 13 15:44:04 sol pluto[3555]: | pool 192.168.20.2-192.168.20.2: growing address pool from 0 to 1</div><div class="">Oct 13 15:44:04 sol pluto[3555]: "tunnel8"[2] 16.138.17.119 #1: modecfg_inR0(STF_OK)</div><div class="">Oct 13 15:44:04 sol pluto[3555]: "tunnel8"[2] 16.138.17.119 #1: sent ModeCfg reply, expecting Ack {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}</div><div class="">Oct 13 15:44:04 sol pluto[3555]: "tunnel8"[2] 16.138.17.119 #1: the peer proposed: 192.168.20.0/24 -<all>-> 192.168.20.2/32</div><div class="">Oct 13 15:44:04 sol pluto[3555]: |   checking hostpair 0.0.0.0/0 -> 192.168.20.2/32</div><div class="">Oct 13 15:44:04 sol pluto[3555]: "tunnel8"[2] 16.138.17.119 #2: responding to Quick Mode proposal {msgid:537d8833}</div><div class="">Oct 13 15:44:04 sol pluto[3555]: "tunnel8"[2] 16.138.17.119 #2:     us: 0.0.0.0/0===82.100.227.27[@xauth.lab,MS+XS+S=C]  them: 16.138.17.119[192.168.1.60,+MC+XC+S=C]===192.168.20.2/32</div><div class=""><b class="">Oct 13 15:44:04 sol pluto[3555]: ABORT: ASSERTION FAILED: pi->inbound.keymat.len == needed_len (compute_proto_keymat() +339 /programs/pluto/ikev1_quick.c)</b></div><div class=""><b class="">Oct 13 15:44:04 sol ipsec__plutorun[6759]: !pluto failure!:  exited with error status 134 (signal 6)</b></div><div class=""><b class="">Oct 13 15:44:04 sol ipsec__plutorun[6761]: restarting IPsec after pause...</b></div><div class=""><br class=""></div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">Server configuration: </div><div class="">conn tunnel8-aggr</div><div class=""><span class="Apple-tab-span" style="white-space:pre">     </span>aggrmode=yes</div><div class=""><span class="Apple-tab-span" style="white-space:pre">      </span>also=tunnel8</div><div class=""><br class=""></div><div class="">conn tunnel8</div><div class=""><span class="Apple-tab-span" style="white-space:pre"> </span>pfs=no</div><div class=""><span class="Apple-tab-span" style="white-space:pre">    </span>type=tunnel</div><div class=""><span class="Apple-tab-span" style="white-space:pre">       </span>auto=add</div><div class=""><span class="Apple-tab-span" style="white-space:pre">  </span>ikev2=no</div><div class=""><span class="Apple-tab-span" style="white-space:pre">  </span>phase2=esp</div><div class=""><span class="Apple-tab-span" style="white-space:pre">        </span>authby=secret</div><div class=""><span class="Apple-tab-span" style="white-space:pre">     </span>keyingtries=3</div><div class=""><span class="Apple-tab-span" style="white-space:pre">     </span>ikelifetime=24h</div><div class=""><span class="Apple-tab-span" style="white-space:pre">   </span>salifetime=24h</div><div class=""><span class="Apple-tab-span" style="white-space:pre">    </span>left=82.100.227.27</div><div class=""><span class="Apple-tab-span" style="white-space:pre">        </span>leftsubnet=0.0.0.0/0</div><div class=""><span class="Apple-tab-span" style="white-space:pre">      </span><a href="mailto:leftid=@xauth.lab" class="">leftid=@xauth.lab</a></div><div class=""><span class="Apple-tab-span" style="white-space:pre"> </span>right=%any</div><div class=""><span class="Apple-tab-span" style="white-space:pre">        </span>rightid=%any</div><div class=""><span class="Apple-tab-span" style="white-space:pre">      </span>rightaddresspool=192.168.20.100-192.168.20.254</div><div class=""><span class="Apple-tab-span" style="white-space:pre">    </span>dpddelay=30</div><div class=""><span class="Apple-tab-span" style="white-space:pre">       </span>dpdtimeout=300</div><div class=""><span class="Apple-tab-span" style="white-space:pre">    </span>dpdaction=clear</div><div class=""><span class="Apple-tab-span" style="white-space:pre">   </span>leftxauthserver=yes</div><div class=""><span class="Apple-tab-span" style="white-space:pre">       </span>rightxauthclient=yes</div><div class=""><span class="Apple-tab-span" style="white-space:pre">      </span>leftmodecfgserver=yes</div><div class=""><span class="Apple-tab-span" style="white-space:pre">     </span>rightmodecfgclient=yes</div><div class=""><span class="Apple-tab-span" style="white-space:pre">    </span>modecfgpull=yes</div><div class=""><span class="Apple-tab-span" style="white-space:pre">   </span>fragmentation=yes</div><div class=""><span class="Apple-tab-span" style="white-space:pre"> </span>xauthby=file</div></div><div class=""><br class=""></div><div class=""><br class=""></div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">Cliente configuration (using libreswan 4.5)</div><div class=""><div class="">conn tunnel1</div><div class=""><span class="Apple-tab-span" style="white-space:pre">     </span>pfs=no</div><div class=""><span class="Apple-tab-span" style="white-space:pre">    </span>type=tunnel</div><div class=""><span class="Apple-tab-span" style="white-space:pre">       </span>auto=start</div><div class=""><span class="Apple-tab-span" style="white-space:pre">        </span>ikev2=no</div><div class=""><span class="Apple-tab-span" style="white-space:pre">  </span>phase2=esp</div><div class=""><span class="Apple-tab-span" style="white-space:pre">        </span>authby=secret</div><div class=""><span class="Apple-tab-span" style="white-space:pre">     </span>keyingtries=3</div><div class=""><span class="Apple-tab-span" style="white-space:pre">     </span>ikelifetime=8h</div><div class=""><span class="Apple-tab-span" style="white-space:pre">    </span>salifetime=8h</div><div class=""><span class="Apple-tab-span" style="white-space:pre">     </span>left=192.168.1.60</div><div class=""><span class="Apple-tab-span" style="white-space:pre"> </span>leftnexthop=16.138.17.119</div><div class=""><span class="Apple-tab-span" style="white-space:pre"> </span>right=xauth.lab</div><div class=""><span class="Apple-tab-span" style="white-space:pre">   </span>rightsubnet=192.168.20.0/24</div><div class=""><span class="Apple-tab-span" style="white-space:pre">       </span><a href="mailto:rightid=@xauth.lab" class="">rightid=@xauth.lab</a></div><div class=""><span class="Apple-tab-span" style="white-space:pre">       </span>dpddelay=30</div><div class=""><span class="Apple-tab-span" style="white-space:pre">       </span>dpdtimeout=300</div><div class=""><span class="Apple-tab-span" style="white-space:pre">    </span>dpdaction=restart</div><div class=""><span class="Apple-tab-span" style="white-space:pre"> </span>leftxauthclient=yes</div><div class=""><span class="Apple-tab-span" style="white-space:pre">       </span>leftmodecfgclient=yes</div><div class=""><span class="Apple-tab-span" style="white-space:pre">     </span><a href="mailto:leftusername=asilvapt@mad.lab" class="">leftusername=asilvapt@mad.lab</a></div><div class=""><span class="Apple-tab-span" style="white-space:pre"> </span>modecfgpull=yes</div><div class=""><span class="Apple-tab-span" style="white-space:pre">   </span>fragmentation=yes</div><div class=""><span class="Apple-tab-span" style="white-space:pre"> </span>ipsec-interface=yes</div></div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">Thanks for the help.</div><div class=""><br class=""></div><div class="">Regards,</div><div class="">Antonio</div><div class=""><br class="Apple-interchange-newline"><br class="Apple-interchange-newline">
</div>
<br class=""></div><span>_______________________________________________</span><br><span>Swan mailing list</span><br><span>Swan@lists.libreswan.org</span><br><span>https://lists.libreswan.org/mailman/listinfo/swan</span><br></div></blockquote></body></html>