>Synopsis: fresh 6.0 install, existing iked policy with psk broken
>Category: system
>Environment:
System : OpenBSD 6.0
Details : OpenBSD 6.0 (GENERIC.MP) #0: Fri Sep 2 13:18:00 CEST 2016
[email protected]:/binpatchng/work-binpatch60-amd64/src/sys/arch/amd64/compile/GENERIC.MP
Architecture: OpenBSD.amd64
Machine : amd64
>Description:
After an upgrade from 5.9 to 6.0, an iked.conf policy using psk stops
at this step :
ikev2_msg_auth: initiator auth data length 526
ikev2_msg_authsign: no pre-shared key found
ikev2_init_auth: failed to get cert
>How-To-Repeat:
use a policy authenticated with psk, for example :
ikev2 "example" active esp \
from 192.168.2.0/24 to 192.168.1.0/24 \
peer 192.0.2.1 \
srcid 192.0.2.254 \
dstid 192.0.2.1 \
psk "examplePSK"
>Fix:
maybe a binary patch including this
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin/iked/parse.y?rev=1.57
a policy using certificates is a workaround
dmesg:
OpenBSD 6.0 (GENERIC.MP) #0: Fri Sep 2 13:18:00 CEST 2016
[email protected]:/binpatchng/work-binpatch60-amd64/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 4267814912 (4070MB)
avail mem = 4133994496 (3942MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xe7180 (49 entries)
bios0: vendor American Megatrends Inc. version "1.0b" date 11/06/2013
bios0: Supermicro A1SAi
acpi0 at bios0: rev 2
acpi0: sleep states S0 S5
acpi0: tables DSDT FACP FPDT MCFG WDAT UEFI APIC BDAT HPET SSDT HEST BERT ERST
EINJ
acpi0: wakeup devices PEX1(S0) PEX2(S0) PEX3(S0) EHC1(S0)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimcfg0 at acpi0 addr 0xe0000000, bus 0-255
acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Atom(TM) CPU C2558 @ 2.40GHz, 2400.46 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT
cpu0: 1MB 64b/line 16-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.0.0.0.0.3, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Atom(TM) CPU C2558 @ 2.40GHz, 2399.99 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT
cpu1: 1MB 64b/line 16-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Atom(TM) CPU C2558 @ 2.40GHz, 2399.99 MHz
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT
cpu2: 1MB 64b/line 16-way L2 cache
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 6 (application processor)
cpu3: Intel(R) Atom(TM) CPU C2558 @ 2.40GHz, 2399.99 MHz
cpu3:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT
cpu3: 1MB 64b/line 16-way L2 cache
cpu3: smt 0, core 3, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec00000, version 20, 24 pins
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (PEX1)
acpiprt2 at acpi0: bus 2 (BR04)
acpiprt3 at acpi0: bus 3 (PEX2)
acpiprt4 at acpi0: bus 4 (PEX3)
acpicpu0 at acpi0: C2(350@41 mwait.3@0x51), C1(1000@1 mwait.1), PSS
acpicpu1 at acpi0: C2(350@41 mwait.3@0x51), C1(1000@1 mwait.1), PSS
acpicpu2 at acpi0: C2(350@41 mwait.3@0x51), C1(1000@1 mwait.1), PSS
acpicpu3 at acpi0: C2(350@41 mwait.3@0x51), C1(1000@1 mwait.1), PSS
"PNP0003" at acpi0 not configured
"PNP0C33" at acpi0 not configured
cpu0: Enhanced SpeedStep 2400 MHz: speeds: 2400, 2300, 2200, 2100, 2000, 1900,
1800, 1700, 1600, 1500, 1400, 1300, 1200 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel Atom C2000 Host" rev 0x02
ppb0 at pci0 dev 1 function 0 "Intel Atom C2000 PCIE" rev 0x02: msi
pci1 at ppb0 bus 1
ppb1 at pci1 dev 0 function 0 "ASPEED Technology AST1150 PCI" rev 0x03
pci2 at ppb1 bus 2
vga1 at pci2 dev 0 function 0 "ASPEED Technology AST2000" rev 0x30
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ppb2 at pci0 dev 2 function 0 "Intel Atom C2000 PCIE" rev 0x02: msi
pci3 at ppb2 bus 3
xhci0 at pci3 dev 0 function 0 "Renesas uPD720201 xHCI" rev 0x03: msi
usb0 at xhci0: USB revision 3.0
uhub0 at usb0 "Renesas xHCI root hub" rev 3.00/1.00 addr 1
ppb3 at pci0 dev 3 function 0 "Intel Atom C2000 PCIE" rev 0x02: msi
pci4 at ppb3 bus 4
vendor "Intel", unknown product 0x1f18 (class processor subclass Co-processor,
rev 0x02) at pci0 dev 11 function 0 not configured
pchb1 at pci0 dev 14 function 0 "Intel Atom C2000 RAS" rev 0x02
"Intel Atom C2000 RCEC" rev 0x02 at pci0 dev 15 function 0 not configured
"Intel Atom C2000 SMBus" rev 0x02 at pci0 dev 19 function 0 not configured
em0 at pci0 dev 20 function 0 "Intel I354 SGMII" rev 0x03: msi, address
00:25:90:f2:6b:16
em1 at pci0 dev 20 function 1 "Intel I354 SGMII" rev 0x03: msi, address
00:25:90:f2:6b:17
em2 at pci0 dev 20 function 2 "Intel I354 SGMII" rev 0x03: msi, address
00:25:90:f2:6b:18
em3 at pci0 dev 20 function 3 "Intel I354 SGMII" rev 0x03: msi, address
00:25:90:f2:6b:19
ehci0 at pci0 dev 22 function 0 "Intel Atom C2000 USB" rev 0x02: apic 2 int 23
usb1 at ehci0: USB revision 2.0
uhub1 at usb1 "Intel EHCI root hub" rev 2.00/1.00 addr 1
ahci0 at pci0 dev 23 function 0 "Intel Atom C2000 AHCI" rev 0x02: msi, AHCI 1.3
scsibus1 at ahci0: 32 targets
ahci1 at pci0 dev 24 function 0 "Intel Atom C2000 AHCI" rev 0x02: msi, AHCI 1.3
ahci1: port 0: 6.0Gb/s
scsibus2 at ahci1: 32 targets
sd0 at scsibus2 targ 0 lun 0: <ATA, ADATA SP900, 5.2.> SCSI3 0/direct fixed
naa.5707c1810000b7d4
sd0: 61057MB, 512 bytes/sector, 125045424 sectors, thin
pcib0 at pci0 dev 31 function 0 "Intel Atom C2000 PCU" rev 0x02
ichiic0 at pci0 dev 31 function 3 "Intel Atom C2000 PCU SMBus" rev 0x02: apic 2
int 18
iic0 at ichiic0
sdtemp0 at iic0 addr 0x18: stts2002
iic0: addr 0x2e 00=3f words 00=3f3f 01=0000 02=0000 03=0000 04=0000 05=0000
06=0000 07=0000
spdmem0 at iic0 addr 0x50: 4GB DDR3 SDRAM ECC PC3-12800 with thermal sensor
isa0 at pcib0
isadma0 at isa0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
uhub2 at uhub1 port 1 "Intel product 0x07db" rev 2.00/0.02 addr 2
uhidev0 at uhub2 port 1 configuration 1 interface 0 "CHICONY HP Basic USB
Keyboard" rev 2.00/1.30 addr 3
uhidev0: iclass 3/1
ukbd0 at uhidev0: 8 variable keys, 6 key codes
wskbd0 at ukbd0: console keyboard, using wsdisplay0
vscsi0 at root
scsibus3 at vscsi0: 256 targets
softraid0 at root
scsibus4 at softraid0: 256 targets
root on sd0a (e64debd7f2f65630.a) swap on sd0b dump on sd0b
usbdevs:
Controller /dev/usb0:
addr 1: super speed, self powered, config 1, xHCI root hub(0x0000),
Renesas(0x1912), rev 1.00
port 1 disabled
port 2 disabled
port 3 disabled
port 4 disabled
port 5 disabled
port 6 disabled
port 7 disabled
port 8 disabled
Controller /dev/usb1:
addr 1: high speed, self powered, config 1, EHCI root hub(0x0000),
Intel(0x8086), rev 1.00
port 1 addr 2: high speed, self powered, config 1, product 0x07db(0x07db),
Intel(0x8087), rev 0.02
port 1 addr 3: low speed, power 100 mA, config 1, HP Basic USB
Keyboard(0x0024), CHICONY(0x03f0), rev 1.30
port 2 powered
port 3 powered
port 4 powered
port 2 powered
port 3 powered
port 4 powered
port 5 powered
port 6 powered
port 7 powered
port 8 powered
