Hi
I tested strongSwan 5.2.0 on FreeBSD 10 and during some of the tests I receive
the following errors.
ipsec up net-net
initiating IKE_SA net-net[1] to 192.168.0.2
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
sending packet: from 192.168.0.1[500] to 192.168.0.2[500] (676 bytes)
received packet: from 192.168.0.2[500] to 192.168.0.1[500] (440 bytes)
parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH)
]
authentication of 'moon.strongswan.org' (myself) with RSA signature successful
establishing CHILD_SA net-net
generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH N(ESP_TFC_PAD_N)
SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_6_ADDR) N(ADD_6_ADDR) N(MULT_AUTH)
N(EAP_ONLY) ]
sending packet: from 192.168.0.1[4500] to 192.168.0.2[4500] (716 bytes)
received packet: from 192.168.0.2[4500] to 192.168.0.1[4500] (540 bytes)
parsed IKE_AUTH response 1 [ IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr N(AUTH_LFT)
N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_6_ADDR) N(ADD_6_ADDR) ]
using trusted certificate "sun.strongswan.org"
authentication of 'sun.strongswan.org' with RSA signature successful
IKE_SA net-net[1] established between
192.168.0.1[moon.strongswan.org]...192.168.0.2[sun.strongswan.org]
scheduling reauthentication in 3389s
maximum IKE_SA lifetime 3569s
received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
thread 16 received 11
dumping 2 stack frame addresses:
/lib/libthr.so.3 @ 0x801112000 (_swapcontext+0x15b) [0x80112040b]
-> ??:0
/lib/libthr.so.3 @ 0x801112000 (sigaction+0x343) [0x80111fff3]
-> ??:0
killing ourself, received critical signal
Most of the other tests execute successfully.
daemon.log file
Jul 13 13:07:42 moon charon: 00[DMN] Starting IKE charon daemon (strongSwan
5.2.0, FreeBSD 10.0-RELEASE, amd64)
Jul 13 13:07:42 moon charon: 00[KNL] unable to set UDP_ENCAP: Invalid argument
Jul 13 13:07:42 moon charon: 00[NET] enabling UDP decapsulation for IPv6 on
port 4500 failed
Jul 13 13:07:42 moon charon: 00[CFG] loading ca certificates from
'/usr/local/etc/ipsec.d/cacerts'
Jul 13 13:07:42 moon charon: 00[CFG] loading aa certificates from
'/usr/local/etc/ipsec.d/aacerts'
Jul 13 13:07:42 moon charon: 00[CFG] loading ocsp signer certificates from
'/usr/local/etc/ipsec.d/ocspcerts'
Jul 13 13:07:42 moon charon: 00[CFG] loading attribute certificates from
'/usr/local/etc/ipsec.d/acerts'
Jul 13 13:07:42 moon charon: 00[CFG] loading crls from
'/usr/local/etc/ipsec.d/crls'
Jul 13 13:07:42 moon charon: 00[CFG] loading secrets from
'/usr/local/etc/ipsec.secrets'
Jul 13 13:07:42 moon charon: 00[CFG] loaded RSA private key from
'/usr/local/etc/ipsec.d/private/moonKey.der'
Jul 13 13:07:42 moon charon: 00[LIB] loaded plugins: charon sha1 sha2 md5 aes
des hmac gmp dnskey pem pkcs1 pubkey random nonce curl kernel-pfkey
kernel-pfroute socket-default stroke updown
Jul 13 13:07:42 moon charon: 00[JOB] spawning 16 worker threads
Jul 13 13:07:42 moon charon: 16[CFG] received stroke: add connection 'net-net'
Jul 13 13:07:42 moon charon: 16[CFG] loaded RSA public key for
"moon.strongswan.org"
Jul 13 13:07:42 moon charon: 16[CFG] loaded RSA public key for
"sun.strongswan.org"
Jul 13 13:07:42 moon charon: 16[CFG] added configuration 'net-net'
Jul 13 13:07:44 moon charon: 15[CFG] received stroke: initiate 'net-net'
Jul 13 13:07:44 moon charon: 16[IKE] initiating IKE_SA net-net[1] to 192.168.0.2
Jul 13 13:07:44 moon charon: 16[ENC] generating IKE_SA_INIT request 0 [ SA KE
No N(NATD_S_IP) N(NATD_D_IP) ]
Jul 13 13:07:44 moon charon: 16[NET] sending packet: from 192.168.0.1[500] to
192.168.0.2[500] (676 bytes)
Jul 13 13:07:44 moon charon: 16[NET] received packet: from 192.168.0.2[500] to
192.168.0.1[500] (440 bytes)
Jul 13 13:07:44 moon charon: 16[ENC] parsed IKE_SA_INIT response 0 [ SA KE No
N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
Jul 13 13:07:44 moon charon: 16[IKE] authentication of 'moon.strongswan.org'
(myself) with RSA signature successful
Jul 13 13:07:44 moon charon: 16[IKE] establishing CHILD_SA net-net
Jul 13 13:07:44 moon charon: 16[ENC] generating IKE_AUTH request 1 [ IDi
N(INIT_CONTACT) IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr N(MOBIKE_SUP)
N(ADD_4_ADDR) N(ADD_6_ADDR) N(ADD_6_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
Jul 13 13:07:44 moon charon: 16[NET] sending packet: from 192.168.0.1[4500] to
192.168.0.2[4500] (716 bytes)
Jul 13 13:07:45 moon charon: 16[NET] received packet: from 192.168.0.2[4500] to
192.168.0.1[4500] (540 bytes)
Jul 13 13:07:45 moon charon: 16[ENC] parsed IKE_AUTH response 1 [ IDr AUTH
N(ESP_TFC_PAD_N) SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR)
N(ADD_6_ADDR) N(ADD_6_ADDR) ]
Jul 13 13:07:45 moon charon: 16[CFG] using trusted certificate
"sun.strongswan.org"
Jul 13 13:07:45 moon charon: 16[IKE] authentication of 'sun.strongswan.org'
with RSA signature successful
Jul 13 13:07:45 moon charon: 16[IKE] IKE_SA net-net[1] established between
192.168.0.1[moon.strongswan.org]...192.168.0.2[sun.strongswan.org]
Jul 13 13:07:45 moon charon: 16[IKE] scheduling reauthentication in 3389s
Jul 13 13:07:45 moon charon: 16[IKE] maximum IKE_SA lifetime 3569s
Jul 13 13:07:45 moon charon: 16[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED,
not using ESPv3 TFC padding
Jul 13 13:07:46 moon charon: 16[DMN] thread 16 received 11
Jul 13 13:07:46 moon charon: 16[LIB] dumping 2 stack frame addresses:
Jul 13 13:07:46 moon charon: 16[LIB] /lib/libthr.so.3 @ 0x801112000
(_swapcontext+0x15b) [0x80112040b]
Jul 13 13:07:46 moon charon: 16[LIB] -> ??:0
Jul 13 13:07:46 moon charon: 16[LIB] /lib/libthr.so.3 @ 0x801112000
(sigaction+0x343) [0x80111fff3]
Jul 13 13:07:46 moon charon: 16[LIB] -> ??:0
Jul 13 13:07:46 moon charon: 16[DMN] killing ourself, received critical signal
Jul 13 13:07:52 moon charon: 00[DMN] Starting IKE charon daemon (strongSwan
5.2.0, FreeBSD 10.0-RELEASE, amd64)
Jul 13 13:07:52 moon charon: 00[KNL] unable to set UDP_ENCAP: Invalid argument
Jul 13 13:07:52 moon charon: 00[NET] enabling UDP decapsulation for IPv6 on
port 4500 failed
Jul 13 13:07:52 moon charon: 00[CFG] loading ca certificates from
'/usr/local/etc/ipsec.d/cacerts'
Jul 13 13:07:52 moon charon: 00[CFG] loading aa certificates from
'/usr/local/etc/ipsec.d/aacerts'
Jul 13 13:07:52 moon charon: 00[CFG] loading ocsp signer certificates from
'/usr/local/etc/ipsec.d/ocspcerts'
Jul 13 13:07:52 moon charon: 00[CFG] loading attribute certificates from
'/usr/local/etc/ipsec.d/acerts'
Jul 13 13:07:52 moon charon: 00[CFG] loading crls from
'/usr/local/etc/ipsec.d/crls'
Jul 13 13:07:52 moon charon: 00[CFG] loading secrets from
'/usr/local/etc/ipsec.secrets'
Jul 13 13:07:52 moon charon: 00[CFG] loaded RSA private key from
'/usr/local/etc/ipsec.d/private/moonKey.der'
Jul 13 13:07:52 moon charon: 00[LIB] loaded plugins: charon sha1 sha2 md5 aes
des hmac gmp dnskey pem pkcs1 pubkey random nonce curl kernel-pfkey
kernel-pfroute socket-default stroke updown
Jul 13 13:07:52 moon charon: 00[LIB] unable to load 13 plugin features (13 due
to unmet dependencies)
Jul 13 13:07:52 moon charon: 00[JOB] spawning 16 worker threads
Jul 13 13:07:52 moon charon: 16[CFG] received stroke: add connection 'net-net'
Jul 13 13:07:52 moon charon: 16[CFG] loaded RSA public key for
"moon.strongswan.org"
Jul 13 13:07:52 moon charon: 16[CFG] loaded RSA public key for
"sun.strongswan.org"
Jul 13 13:07:52 moon charon: 16[CFG] added configuration 'net-net'
Jul 13 13:08:04 moon charon: 00[DMN] signal of type SIGINT received. Shutting
down
Important Notice:
This e-mail and its contents are subject to the Nanoteq (Pty) Ltd e-mail legal
notice available at:
http://www.nanoteq.com/AboutUs/EmailDisclaimer.aspx
_______________________________________________
Dev mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/dev
