<div dir="ltr">Hi,<div><br><div>We've made significant progress with combined IPv[46] support. Would you be interested in trying things out with a windows client? To enable this just specify both IPv4 and IPv6, something like:</div><div> rightsubnet=2001:db8:0:2::/64,<a href="http://192.0.2.0/24">192.0.2.0/24</a><br></div><div> leftaddresspool=2001:db8:0:3:1::/97,<a href="http://192.0.3.100/28">192.0.3.100/28</a><br></div><div>of course this is all still work-in-progress.</div><div><br></div><div>Andrew<br><div><br></div></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, 1 Nov 2022 at 00:34, Mirsad Goran Todorovac <<a href="mailto:mirsad.todorovac@alu.unizg.hr">mirsad.todorovac@alu.unizg.hr</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<p>Yes, this fixed this issue. :)<br>
Now the Win 10 client connected:</p>
<p><img src="cid:18527bb1db929c7c3871" alt=""></p>
<p>Thanks.</p>
<p>Now only to make IPv6-over-IPv6 connection work.</p>
<p>However, restoring IPv4 VPN regression after upgrade to IPv6 will
suffice. IPv6 VPN would be a nice<br>
thing to have, especially dual-stack, IMHO but any VPN is better
than broken VPN (as a quantum difference).</p>
<p>Kind regards,<br>
Mirsad<br>
</p>
<div>On 11/1/2022 3:45 AM, Andrew Cagney
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div dir="ltr">Thanks. Here's the only bit of the log that's
needed:
<div>
<pre style="color:rgb(0,0,0);white-space:pre-wrap">Nov 1 03:11:55.547595: | ***parse IKEv2 Configuration Payload Attribute:
Nov 1 03:11:55.547626: | Attribute Type: IKEv2_INTERNAL_IP4_ADDRESS (0x1)
Nov 1 03:11:55.547653: | length/value: 0 (00 00)
Nov 1 03:11:55.547687: | connection both thinks it has, and really has a lease
Nov 1 03:11:55.547754: | ***parse IKEv2 Configuration Payload Attribute:
Nov 1 03:11:55.547780: | Attribute Type: IKEv2_INTERNAL_IP4_DNS (0x3)
Nov 1 03:11:55.547808: | length/value: 0 (00 00)
Nov 1 03:11:55.547835: | ignoring attribute IKEv2_INTERNAL_IP4_DNS length 0
Nov 1 03:11:55.547859: | ***parse IKEv2 Configuration Payload Attribute:
Nov 1 03:11:55.547885: | Attribute Type: IKEv2_INTERNAL_IP4_NBNS (0x4)
Nov 1 03:11:55.547913: | length/value: 0 (00 00)
Nov 1 03:11:55.547940: | ignoring attribute IKEv2_INTERNAL_IP4_NBNS length 0
Nov 1 03:11:55.547982: "MYCONN-ikev2-cp"[2] 188.252.197.105 #4: ERROR: malformed CP attributeAttribute Type of IKEv2 Configuration Payload Attribute has an unknown value: 23456 (0x5ba0)
Nov 1 03:11:55.548011: | should_send_delete: #4? no, IKEv2 SA in state STATE_V2_IKE_AUTH_CHILD_R0 is not established</pre>
<pre style="color:rgb(0,0,0);white-space:pre-wrap">Try 2cc01a03a8c4bcfcb7c808f233756e96bdb6cfbe </pre>
<pre style="color:rgb(0,0,0);white-space:pre-wrap"></pre>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Mon, 31 Oct 2022 at
22:16, Mirsad Goran Todorovac <<a href="mailto:mirsad.todorovac@alu.unizg.hr" target="_blank">mirsad.todorovac@alu.unizg.hr</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<p>Thanks you, Sir!<br>
</p>
<p>Actually, the connection was never established.</p>
<p>The error mesg in Win 10 is:</p>
<p><img src="cid:18527bb1db9d4675a52" alt=""></p>
<p>The "first bad commit" session log is here: <a href="https://magrf.grf.hr/~mtodorov/tmp/ikev2-ipv4-20221101-01.log" target="_blank">https://magrf.grf.hr/~mtodorov/tmp/ikev2-ipv4-20221101-01.log</a></p>
<p>Kind regards,<br>
Mirsad<br>
</p>
<div>On 10/31/2022 8:45 PM, Andrew Cagney wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>Nice work.</div>
<div><br>
</div>
<div>> I have noticed today (after having figured
out how to connect IPv4-only from Windows 10) that I
lose connectivity<br>
with github libreswan, while I still had it with
libreswan-4.9 from tarball.</div>
<div><br>
</div>
<div>When you say "lose" connectivity, do you mean it
never connects or dies after a short while?<br>
</div>
<div><br>
</div>
<div><a href="https://github.com/libreswan/libreswan/commit/bc47dcf87733484f5701b02212c3015a711ca1a9" target="_blank">https://github.com/libreswan/libreswan/commit/bc47dcf87733484f5701b02212c3015a711ca1a9</a>
added code to check the content of the CP payload
so, presumably, microsoft is sending something pluto
didn't expect.</div>
<div><br>
</div>
<div>Was there an error related to CP in the logs? And
if possible try a test run with debug=all enabled so
that the CP payloads are captured and put that in a
bug.<br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Mon, 31 Oct 2022
at 15:07, Mirsad Goran Todorovac <<a href="mailto:mirsad.todorovac@alu.unizg.hr" target="_blank">mirsad.todorovac@alu.unizg.hr</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<p>Hi all,</p>
<p>I have noticed today (after having figured out
how to connect IPv4-only from Windows 10) that I
lose connectivity<br>
with github libreswan, while I still had it with
libreswan-4.9 from tarball.</p>
<p>I felt inspired and bisect gave this (at this
commit I lost IPv4 Win 10 connectivity):</p>
<p><font face="monospace">git bisect good
e75c5ce30d7b6e5311dd05a4d0512a5f61add78f<br>
# bad:
[4e1ceb32c64b8b077c41c538e39c5b6252b826b6]
connections: pass struct connection_end into
extract_end()<br>
git bisect bad
4e1ceb32c64b8b077c41c538e39c5b6252b826b6<br>
# bad:
[bc47dcf87733484f5701b02212c3015a711ca1a9]
ikev2: during IKE_AUTH parse IKEv2 CP requests<br>
git bisect bad
bc47dcf87733484f5701b02212c3015a711ca1a9<br>
# good:
[823443d6c796340128720a295c99f7eacae09d67]
connections: (more) use
...->host->config rather than
...->config->host<br>
git bisect good
823443d6c796340128720a295c99f7eacae09d67<br>
# first bad commit:
[bc47dcf87733484f5701b02212c3015a711ca1a9]
ikev2: during IKE_AUTH parse IKEv2 CP requests<br>
root@magrf:~/libreswan#</font></p>
<p><font face="monospace">Windows specs:</font></p>
<p><font face="monospace"><img src="cid:18527bb1db96959c43b3" alt=""><br>
</font></p>
<p><font face="monospace">VPN server is on Debian
11 Bullseye and stock kernel, on a rather old
development can.</font><br>
</p>
<p>Hope this helps.</p>
<p>Kind regards,<br>
Mirsad<br>
</p>
<pre cols="72">--
Mirsad Todorovac
Sistem inženjer
Grafički fakultet | Akademija likovnih umjetnosti
Sveučilište u Zagrebu
--
System engineer
Faculty of Graphic Arts | Academy of Fine Arts
University of Zagreb, Republic of Croatia
tel. +385 (0)1 3711 451
mob. +385 91 57 88 355</pre>
</div>
</blockquote>
</div>
</blockquote>
<pre cols="72">--
Mirsad Todorovac
Sistem inženjer
Grafički fakultet | Akademija likovnih umjetnosti
Sveučilište u Zagrebu
--
System engineer
Faculty of Graphic Arts | Academy of Fine Arts
University of Zagreb, Republic of Croatia
tel. +385 (0)1 3711 451
mob. +385 91 57 88 355</pre>
</div>
</blockquote>
</div>
</div>
</blockquote>
<pre cols="72">--
Mirsad Todorovac
Sistem inženjer
Grafički fakultet | Akademija likovnih umjetnosti
Sveučilište u Zagrebu
--
System engineer
Faculty of Graphic Arts | Academy of Fine Arts
University of Zagreb, Republic of Croatia
tel. +385 (0)1 3711 451
mob. +385 91 57 88 355</pre>
</div>
</blockquote></div>