<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Thanks Paul!<div class=""><br class=""></div><div class=""><div class="">
<div dir="auto" style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;">--<br class="Apple-interchange-newline">Saludos / Regards / Cumprimentos</div><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;">António Silva</div><br class="Apple-interchange-newline"></div><br class="Apple-interchange-newline"><br class="Apple-interchange-newline">
</div>
<div><br class=""><blockquote type="cite" class=""><div class="">On 13 Oct 2022, at 22:07, Paul Wouters <<a href="mailto:paul@nohats.ca" class="">paul@nohats.ca</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><meta http-equiv="content-type" content="text/html; charset=utf-8" class=""><div dir="auto" class="">We will release 4.9 to address this regression in the next day or so<br class=""><br class=""><div dir="ltr" class="">Sent using a virtual keyboard on a phone</div><div dir="ltr" class=""><br class=""><blockquote type="cite" class="">On Oct 13, 2022, at 10:29, António Silva <<a href="mailto:asilva@wirelessmundi.com" class="">asilva@wirelessmundi.com</a>> wrote:<br class=""><br class=""></blockquote></div><blockquote type="cite" class=""><div dir="ltr" class=""><meta http-equiv="Content-Type" content="text/html; charset=utf-8" class=""><div dir="auto" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div class=""><br class=""></div><div class="">Hi,</div><div class=""><br class=""></div><div class="">I just update libreswan from version 4.7 to 4.8, but with the newest version I can’t establish a connection whit current configuration, it exit with status 134.</div><div class="">Just revert to version 4.7 and everything working ok.</div><div class=""><br class=""></div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">The log when trying to connect:</div><div class=""><br class=""></div><div class=""><div class="">Oct 13 15:44:04 sol pluto[3555]: "tunnel8"[1] 16.138.17.119 #1: responding to Main Mode from unknown peer 16.138.17.119:500</div><div class="">Oct 13 15:44:04 sol pluto[3555]: "tunnel8"[1] 16.138.17.119 #1: sent Main Mode R1</div><div class="">Oct 13 15:44:04 sol pluto[3555]: "tunnel8"[1] 16.138.17.119 #1: sent Main Mode R2</div><div class="">Oct 13 15:44:04 sol pluto[3555]: "tunnel8"[1] 16.138.17.119 #1: Peer ID is ID_IPV4_ADDR: '192.168.1.60'</div><div class="">Oct 13 15:44:04 sol pluto[3555]: "tunnel8"[1] 16.138.17.119 #1: switched to "tunnel8"[2] 16.138.17.119</div><div class="">Oct 13 15:44:04 sol pluto[3555]: "tunnel8"[1] 16.138.17.119: deleting connection instance with peer 16.138.17.119 {isakmp=#0/ipsec=#0}</div><div class="">Oct 13 15:44:04 sol pluto[3555]: "tunnel8"[2] 16.138.17.119 #1: IKE SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}</div><div class="">Oct 13 15:44:04 sol pluto[3555]: "tunnel8"[2] 16.138.17.119 #1: XAUTH: Sending Username/Password request (MAIN_R3->XAUTH_R0)</div><div class="">Oct 13 15:44:04 sol pluto[3555]: "tunnel8"[2] 16.138.17.119 #1: XAUTH: password file authentication method requested to authenticate user '<a href="mailto:asilvapt@mad.lab" class="">asilvapt@mad.lab</a>'</div><div class="">Oct 13 15:44:04 sol pluto[3555]: "tunnel8"[2] 16.138.17.119 #1: XAUTH: password file (/etc/ipsec.d/passwd) open.</div><div class="">Oct 13 15:44:04 sol pluto[3555]: "tunnel8"[2] 16.138.17.119 #1: XAUTH: success user(<a href="mailto:asilvapt@mad.lab" class="">asilvapt@mad.lab</a>:(null))</div><div class="">Oct 13 15:44:04 sol pluto[3555]: "tunnel8"[2] 16.138.17.119 #1: XAUTH: User <a href="mailto:asilvapt@mad.lab" class="">asilvapt@mad.lab</a>: Authentication Successful</div><div class="">Oct 13 15:44:04 sol pluto[3555]: "tunnel8"[2] 16.138.17.119 #1: XAUTH: xauth_inR1(STF_OK)</div><div class="">Oct 13 15:44:04 sol pluto[3555]: "tunnel8"[2] 16.138.17.119 #1: IKE SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}</div><div class=""><br class=""></div><div class="">Oct 13 15:44:04 sol pluto[3555]: | pool 192.168.20.2-192.168.20.2: growing address pool from 0 to 1</div><div class="">Oct 13 15:44:04 sol pluto[3555]: "tunnel8"[2] 16.138.17.119 #1: modecfg_inR0(STF_OK)</div><div class="">Oct 13 15:44:04 sol pluto[3555]: "tunnel8"[2] 16.138.17.119 #1: sent ModeCfg reply, expecting Ack {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}</div><div class="">Oct 13 15:44:04 sol pluto[3555]: "tunnel8"[2] 16.138.17.119 #1: the peer proposed: 192.168.20.0/24 -<all>-> 192.168.20.2/32</div><div class="">Oct 13 15:44:04 sol pluto[3555]: |   checking hostpair 0.0.0.0/0 -> 192.168.20.2/32</div><div class="">Oct 13 15:44:04 sol pluto[3555]: "tunnel8"[2] 16.138.17.119 #2: responding to Quick Mode proposal {msgid:537d8833}</div><div class="">Oct 13 15:44:04 sol pluto[3555]: "tunnel8"[2] 16.138.17.119 #2:     us: 0.0.0.0/0===82.100.227.27[@xauth.lab,MS+XS+S=C]  them: 16.138.17.119[192.168.1.60,+MC+XC+S=C]===192.168.20.2/32</div><div class=""><b class="">Oct 13 15:44:04 sol pluto[3555]: ABORT: ASSERTION FAILED: pi->inbound.keymat.len == needed_len (compute_proto_keymat() +339 /programs/pluto/ikev1_quick.c)</b></div><div class=""><b class="">Oct 13 15:44:04 sol ipsec__plutorun[6759]: !pluto failure!:  exited with error status 134 (signal 6)</b></div><div class=""><b class="">Oct 13 15:44:04 sol ipsec__plutorun[6761]: restarting IPsec after pause...</b></div><div class=""><br class=""></div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">Server configuration: </div><div class="">conn tunnel8-aggr</div><div class=""><span class="Apple-tab-span" style="white-space:pre">   </span>aggrmode=yes</div><div class=""><span class="Apple-tab-span" style="white-space:pre">      </span>also=tunnel8</div><div class=""><br class=""></div><div class="">conn tunnel8</div><div class=""><span class="Apple-tab-span" style="white-space:pre"> </span>pfs=no</div><div class=""><span class="Apple-tab-span" style="white-space:pre">    </span>type=tunnel</div><div class=""><span class="Apple-tab-span" style="white-space:pre">       </span>auto=add</div><div class=""><span class="Apple-tab-span" style="white-space:pre">  </span>ikev2=no</div><div class=""><span class="Apple-tab-span" style="white-space:pre">  </span>phase2=esp</div><div class=""><span class="Apple-tab-span" style="white-space:pre">        </span>authby=secret</div><div class=""><span class="Apple-tab-span" style="white-space:pre">     </span>keyingtries=3</div><div class=""><span class="Apple-tab-span" style="white-space:pre">     </span>ikelifetime=24h</div><div class=""><span class="Apple-tab-span" style="white-space:pre">   </span>salifetime=24h</div><div class=""><span class="Apple-tab-span" style="white-space:pre">    </span>left=82.100.227.27</div><div class=""><span class="Apple-tab-span" style="white-space:pre">        </span>leftsubnet=0.0.0.0/0</div><div class=""><span class="Apple-tab-span" style="white-space:pre">      </span><a href="mailto:leftid=@xauth.lab" class="">leftid=@xauth.lab</a></div><div class=""><span class="Apple-tab-span" style="white-space:pre"> </span>right=%any</div><div class=""><span class="Apple-tab-span" style="white-space:pre">        </span>rightid=%any</div><div class=""><span class="Apple-tab-span" style="white-space:pre">      </span>rightaddresspool=192.168.20.100-192.168.20.254</div><div class=""><span class="Apple-tab-span" style="white-space:pre">    </span>dpddelay=30</div><div class=""><span class="Apple-tab-span" style="white-space:pre">       </span>dpdtimeout=300</div><div class=""><span class="Apple-tab-span" style="white-space:pre">    </span>dpdaction=clear</div><div class=""><span class="Apple-tab-span" style="white-space:pre">   </span>leftxauthserver=yes</div><div class=""><span class="Apple-tab-span" style="white-space:pre">       </span>rightxauthclient=yes</div><div class=""><span class="Apple-tab-span" style="white-space:pre">      </span>leftmodecfgserver=yes</div><div class=""><span class="Apple-tab-span" style="white-space:pre">     </span>rightmodecfgclient=yes</div><div class=""><span class="Apple-tab-span" style="white-space:pre">    </span>modecfgpull=yes</div><div class=""><span class="Apple-tab-span" style="white-space:pre">   </span>fragmentation=yes</div><div class=""><span class="Apple-tab-span" style="white-space:pre"> </span>xauthby=file</div></div><div class=""><br class=""></div><div class=""><br class=""></div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">Cliente configuration (using libreswan 4.5)</div><div class=""><div class="">conn tunnel1</div><div class=""><span class="Apple-tab-span" style="white-space:pre">     </span>pfs=no</div><div class=""><span class="Apple-tab-span" style="white-space:pre">    </span>type=tunnel</div><div class=""><span class="Apple-tab-span" style="white-space:pre">       </span>auto=start</div><div class=""><span class="Apple-tab-span" style="white-space:pre">        </span>ikev2=no</div><div class=""><span class="Apple-tab-span" style="white-space:pre">  </span>phase2=esp</div><div class=""><span class="Apple-tab-span" style="white-space:pre">        </span>authby=secret</div><div class=""><span class="Apple-tab-span" style="white-space:pre">     </span>keyingtries=3</div><div class=""><span class="Apple-tab-span" style="white-space:pre">     </span>ikelifetime=8h</div><div class=""><span class="Apple-tab-span" style="white-space:pre">    </span>salifetime=8h</div><div class=""><span class="Apple-tab-span" style="white-space:pre">     </span>left=192.168.1.60</div><div class=""><span class="Apple-tab-span" style="white-space:pre"> </span>leftnexthop=16.138.17.119</div><div class=""><span class="Apple-tab-span" style="white-space:pre"> </span>right=xauth.lab</div><div class=""><span class="Apple-tab-span" style="white-space:pre">   </span>rightsubnet=192.168.20.0/24</div><div class=""><span class="Apple-tab-span" style="white-space:pre">       </span><a href="mailto:rightid=@xauth.lab" class="">rightid=@xauth.lab</a></div><div class=""><span class="Apple-tab-span" style="white-space:pre">       </span>dpddelay=30</div><div class=""><span class="Apple-tab-span" style="white-space:pre">       </span>dpdtimeout=300</div><div class=""><span class="Apple-tab-span" style="white-space:pre">    </span>dpdaction=restart</div><div class=""><span class="Apple-tab-span" style="white-space:pre"> </span>leftxauthclient=yes</div><div class=""><span class="Apple-tab-span" style="white-space:pre">       </span>leftmodecfgclient=yes</div><div class=""><span class="Apple-tab-span" style="white-space:pre">     </span><a href="mailto:leftusername=asilvapt@mad.lab" class="">leftusername=asilvapt@mad.lab</a></div><div class=""><span class="Apple-tab-span" style="white-space:pre"> </span>modecfgpull=yes</div><div class=""><span class="Apple-tab-span" style="white-space:pre">   </span>fragmentation=yes</div><div class=""><span class="Apple-tab-span" style="white-space:pre"> </span>ipsec-interface=yes</div></div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">Thanks for the help.</div><div class=""><br class=""></div><div class="">Regards,</div><div class="">Antonio</div><div class=""><br class="Apple-interchange-newline"><br class="Apple-interchange-newline">
</div>
<br class=""></div><span class="">_______________________________________________</span><br class=""><span class="">Swan mailing list</span><br class=""><span class=""><a href="mailto:Swan@lists.libreswan.org" class="">Swan@lists.libreswan.org</a></span><br class=""><span class=""><a href="https://lists.libreswan.org/mailman/listinfo/swan" class="">https://lists.libreswan.org/mailman/listinfo/swan</a></span><br class=""></div></blockquote></div></div></blockquote></div><br class=""></div></body></html>