Hi Timo
It's your version compiled from source, I assume that is the correct
patched one?
git clone -b tteras-release git://git.alpinelinux.org/user/tteras/strongswan
./configure --enable-systemd --enable-swanctl --with-systemd
systemunitdir=/etc/systemd/system/multi-user.target.wants --prefix=/usr
--sysconfdir=/etc
make
make install
Ubuntu version is 17.04 but also tried with 16.04 and everything was the
same.
Unsure why there are no TX counters on GRE1 which is a bad sign.
I'm about to test on a VM to see if there is any difference vs the above
which was done in a privileged LXD container.
And yeah can't see anything related to ipsec happening, nothing in "ipsec
status" and no 500 or 4500 udp packets, just BGP tries to peer but sourcing
from ETH0 and not GRE1 which is weird.
Cheers,
Jon.
On Sun, 30 Jul 2017 at 15:56 Timo Teras <timo.te...@iki.fi> wrote:
> On Sun, 30 Jul 2017 09:30:13 +0000
> "M87tech [Jon]" <m87t...@gmail.com> wrote:
>
> > Hi,
> >
> > I'm trying to get a dmvpn testbed up and running using privileged LXD
> > containers.
> >
> > So far I'm stuck with an error message that looks to be related to the
> > interfaces somehow, the logs show it's resolved the hub then waiting
> > for a link:
> >
> > 2017/07/30 09:17:22.84 NHRP: gre1: bound to eth0
> > 2017/07/30 09:17:23.75 NHRP: VICI: Connected
> > 2017/07/30 09:17:23.75 NHRP: VICI: Message 5, 1 bytes
> > 2017/07/30 09:17:23.75 NHRP: VICI: Message 5, 1 bytes
> > 2017/07/30 09:17:23.75 NHRP: VICI: Message 5, 1 bytes
> > 2017/07/30 09:17:23.75 NHRP: VICI: Message 5, 1 bytes
> > 2017/07/30 09:17:23.75 NHRP: VICI: Message 1, 1 bytes
> > 2017/07/30 09:17:23.84 NHRP: [0x23e4f30] Resolving 'hub6.wizznet.co.uk'
> > 2017/07/30 09:17:23.84 NHRP: Netlink: Received msg_type 28, msg_flags 0
> > 2017/07/30 09:17:23.86 NHRP: [0x23e4f30] Resolved with 1 results
> > 2017/07/30 09:17:23.91 NHRP: NHS: Waiting link for 51.15.49.245
> > 2017/07/30 09:17:34.06 NHRP: Netlink-log: Received msg_type 2, msg_flags 0
> > 2017/07/30 09:17:34.06 NHRP: NHS: Flush timer for 51.15.49.245
> > 2017/07/30 09:17:34.08 NHRP: NHS: Waiting link for 51.15.49.245
> > 2017/07/30 09:17:36.08 NHRP: vici_reconnect: failure connecting VICI socket: Connection refused
>
> VICI reconnect is unusual? Did you restart strongSwan? Is the
> strongSwan you are running patched with the required changes?
>
> Details on the above patches should be in frr's nhrpd/README.nhrp
>
> > 2017/07/30 09:17:38.08 NHRP: VICI: Connected
> > 2017/07/30 09:17:38.08 NHRP: VICI: Message 5, 1 bytes
> > 2017/07/30 09:17:38.08 NHRP: VICI: Message 5, 1 bytes
> > 2017/07/30 09:17:38.08 NHRP: VICI: Message 5, 1 bytes
> > 2017/07/30 09:17:38.08 NHRP: VICI: Message 5, 1 bytes
> > 2017/07/30 09:17:38.08 NHRP: VICI: Message 1, 1 bytes
> > 2017/07/30 09:17:44.72 NHRP: Netlink: Received msg_type 28, msg_flags 0
> >
> > Particular message "msg_type 28" keeps repeating on and on.
>
> That is pretty normal.
>
> > I don't see any TX traffic counters on interface gre1
> >
> > After a tcpdump, BGP packets are sourcing from eth0 which doesn't seem
> > right at all so it looks like nhrp isn't using the gre1 interface.
> >
> > I'm wondering if this is an issue with the fact that it is in a
> > container vs a normal machine or VM.
> >
> > The container is privileged and unconfined so has access to tunnel
> > interfaces (in theory!)
> > I don't see any ipsec packets on 500 or 4500 udp, not a peep. It
> > looks like it's not even attempting to use the gre1 interface and thus
> > no ipsec? Just unencrypted bgp packets from eth0 with destination of
> > the hub.
>
> First thing happening should be the IKE SA being established. So if you
> don't see port 500/4500 traffic, then integration to strongSwan is not
> working right.
>
> > Any help or pointers would be much appreciated!
>
> Which strongSwan do you have?
>
> Timo
>
--
M87 TECH
Jon Clayton
_______________________________________________
opennhrp-devel mailing list
opennhrp-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/opennhrp-devel
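
The symptoms discussed in this thread can be pulled out of nhrpd debug output mechanically. The following is an added example, not part of the original messages or of the nhrpd/strongSwan code: a small log triage that counts VICI connects and connection failures and lists NHS peers that keep waiting for a link. The function name triage and the "seen waiting more than once" heuristic are assumptions made for illustration; the sample lines are a subset of the log quoted above.

```python
import re
from collections import defaultdict

# Subset of the log lines quoted in the thread, embedded so the example runs offline.
SAMPLE_LOG = """\
2017/07/30 09:17:23.75 NHRP: VICI: Connected
2017/07/30 09:17:23.84 NHRP: Netlink: Received msg_type 28, msg_flags 0
2017/07/30 09:17:23.91 NHRP: NHS: Waiting link for 51.15.49.245
2017/07/30 09:17:34.06 NHRP: NHS: Flush timer for 51.15.49.245
2017/07/30 09:17:34.08 NHRP: NHS: Waiting link for 51.15.49.245
2017/07/30 09:17:36.08 NHRP: vici_reconnect: failure connecting VICI socket: Connection refused
2017/07/30 09:17:38.08 NHRP: VICI: Connected
2017/07/30 09:17:44.72 NHRP: Netlink: Received msg_type 28, msg_flags 0
"""

LINE = re.compile(r"^(\S+ \S+) NHRP: (.*)$")          # "<date> <time> NHRP: <message>"
WAITING = re.compile(r"^NHS: Waiting link for (\S+)$")
VICI_FAIL = re.compile(r"^vici_reconnect: failure connecting VICI socket: (.*)$")


def triage(log_text):
    """Summarise VICI and NHS link symptoms from nhrpd debug output (hypothetical helper)."""
    waiting = defaultdict(list)   # peer address -> timestamps of "Waiting link"
    vici_failures = []            # (timestamp, reason) for each failed VICI connect
    vici_connects = 0
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue              # skip anything that is not an NHRP log line
        ts, msg = m.groups()
        if msg == "VICI: Connected":
            vici_connects += 1
        elif (fail := VICI_FAIL.match(msg)):
            vici_failures.append((ts, fail.group(1)))
        elif (wait := WAITING.match(msg)):
            waiting[wait.group(1)].append(ts)
        # "Netlink: Received msg_type 28" is ignored: the reply describes it as normal.
    # Assumption: a peer logged as waiting more than once was retried with no link yet.
    stuck = sorted(peer for peer, seen in waiting.items() if len(seen) > 1)
    return {"vici_connects": vici_connects,
            "vici_failures": vici_failures,
            "stuck_peers": stuck}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A VICI failure between two connects, together with a peer stuck in "Waiting link", matches the situation described in the reply: the IKE SA is never set up, so no UDP 500/4500 traffic appears.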