Re: [strongSwan] pools attrs

2021-04-08 Thread Noel Kuntze

Hello Volodymyr,

The attributes are unhandled because there is no handler registered for them in the code.
You can extend the updown plugin to handle those attributes, but it's unlikely your changes would be merged because the updown plugin is considered deprecated.

Kind regards
Noel

On 08.04.21 at 11:25, Volodymyr Litovka wrote:

In general, here is what I need to get. I'm trying to build a kind of mesh topology, where every host can be both client and server at the same time for different connections (it can accept connections and place connections to other hosts). Routing is OSPF-based, and in order to run OSPF over tunnels, I need to specify an addressing on the interface like the following statement -

$ ip addr add ${PLUTO_MY_SOURCEIP} peer ${PLUTO_PEER_SOURCEIP} dev xfrm${PLUTO_IF_ID_IN}

- while on the server side I have both the server peer address (I just know it) and the client peer address (PLUTO_PEER_SOURCEIP),
- the issue is on the client side: it has only PLUTO_MY_SOURCEIP and no idea which is PLUTO_PEER_SOURCEIP


What I want is to use any of the available attributes in the pools definition (e.g. "server") to signal the server's peer address to the remote side.

I managed to work over the "dns" attribute (enabling dns_handler in updown.conf, while keeping resolve.conf disabled), but DNS is a widely used attribute and this trick can be inapplicable in most situations.

So the question is - how to get e.g. the "server" attribute in PLUTO_* variables?

On 08.04.2021 01:20, Volodymyr Litovka wrote:


Hi colleagues,

are there any ways to get remote side attributes, specified in the "pools" section, like:


pools {
 s1-pool {
 addrs = 25.0.0.2-25.0.1.255
 netmask = "255.255.254.0"
 }
}

at the moment, my updown script on the client shows the following ones upon launch:


updown: PLUTO_PEER_ID=s1
updown: PLUTO_ME=10.1.2.10
updown: PLUTO_IF_ID_OUT=10
updown: PLUTO_PEER_CLIENT=0.0.0.0/0
updown: PLUTO_IF_ID_IN=10
updown: PLUTO_VERSION=1.1
updown: PLUTO_REQID=1
updown: PLUTO_MY_PORT=0
updown: PLUTO_MY_PROTOCOL=0
updown: PLUTO_PEER_PORT=0
updown: PLUTO_MY_SOURCEIP4_1=25.0.0.2
updown: PLUTO_CONNECTION=s2
updown: PLUTO_PEER_PROTOCOL=0
updown: PLUTO_MY_CLIENT=0.0.0.0/0
updown: PLUTO_MY_ID=s2
updown: PLUTO_PEER=10.1.1.10
updown: PLUTO_VERB=up-client
updown: PLUTO_INTERFACE=eth0
updown: PLUTO_UNIQUEID=1
updown: PLUTO_MY_SOURCEIP=25.0.0.2
updown: PLUTO_PROTO=esp
updown: PLUTO_UDP_ENC=4500

and there is no information on 'netmask' which is specified on the server.

Thank you.

--
Volodymyr Litovka
   "Vision without Execution is Hallucination." -- Thomas Edison


--
Volodymyr Litovka
   "Vision without Execution is Hallucination." -- Thomas Edison




Re: [strongSwan] pools attrs

2021-04-08 Thread Volodymyr Litovka
In general, here is what I need to get. I'm trying to build a kind of mesh topology, where every host can be both client and server at the same time for different connections (it can accept connections and place connections to other hosts). Routing is OSPF-based, and in order to run OSPF over tunnels, I need to specify an addressing on the interface like the following statement -


$ ip addr add ${PLUTO_MY_SOURCEIP} peer ${PLUTO_PEER_SOURCEIP} dev xfrm${PLUTO_IF_ID_IN}


- while on the server side I have both the server peer address (I just know it) and the client peer address (PLUTO_PEER_SOURCEIP),
- the issue is on the client side: it has only PLUTO_MY_SOURCEIP and no idea which is PLUTO_PEER_SOURCEIP


What I want is to use any of the available attributes in the pools definition (e.g. "server") to signal the server's peer address to the remote side.


I managed to work over the "dns" attribute (enabling dns_handler in updown.conf, while keeping resolve.conf disabled), but DNS is a widely used attribute and this trick can be inapplicable in most situations.


So the question is - how to get e.g. the "server" attribute in PLUTO_* variables?


On 08.04.2021 01:20, Volodymyr Litovka wrote:


Hi colleagues,

are there any ways to get remote side attributes, specified in the "pools" section, like:


pools {
 s1-pool {
 addrs = 25.0.0.2-25.0.1.255
 netmask = "255.255.254.0"
 }
}

at the moment, my updown script on the client shows the following ones 
upon launch:


updown: PLUTO_PEER_ID=s1
updown: PLUTO_ME=10.1.2.10
updown: PLUTO_IF_ID_OUT=10
updown: PLUTO_PEER_CLIENT=0.0.0.0/0
updown: PLUTO_IF_ID_IN=10
updown: PLUTO_VERSION=1.1
updown: PLUTO_REQID=1
updown: PLUTO_MY_PORT=0
updown: PLUTO_MY_PROTOCOL=0
updown: PLUTO_PEER_PORT=0
updown: PLUTO_MY_SOURCEIP4_1=25.0.0.2
updown: PLUTO_CONNECTION=s2
updown: PLUTO_PEER_PROTOCOL=0
updown: PLUTO_MY_CLIENT=0.0.0.0/0
updown: PLUTO_MY_ID=s2
updown: PLUTO_PEER=10.1.1.10
updown: PLUTO_VERB=up-client
updown: PLUTO_INTERFACE=eth0
updown: PLUTO_UNIQUEID=1
updown: PLUTO_MY_SOURCEIP=25.0.0.2
updown: PLUTO_PROTO=esp
updown: PLUTO_UDP_ENC=4500

and there is no information on 'netmask' which is specified on the server.

Thank you.

--
Volodymyr Litovka
   "Vision without Execution is Hallucination." -- Thomas Edison


--
Volodymyr Litovka
  "Vision without Execution is Hallucination." -- Thomas Edison
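The updown fragment the thread describes, written out as an added example (not code from the thread or from strongSwan): it builds the `ip addr add ... peer ... dev xfrm...` line from the PLUTO_* environment, uses PLUTO_PEER_SOURCEIP when the daemon provides it, and otherwise falls back to the "dns" trick from the thread via PLUTO_DNS4_1 (assumed here to be the variable the updown plugin exports for the first INTERNAL_IP4_DNS value when dns_handler is enabled). The command is printed rather than executed so the missing-peer case on the client can be checked without touching the system.

```shell
#!/bin/sh
# Added example, not from the thread or strongSwan. Reads the PLUTO_* variables
# that charon passes to an updown script and prints the address command for the
# xfrm interface instead of running it.

# peer_address: print the address to use as the point-to-point peer.
# Returns 1 when no peer address is known, which is the client-side situation
# described in the thread (PLUTO_MY_SOURCEIP present, PLUTO_PEER_SOURCEIP absent).
peer_address() {
    if [ -n "${PLUTO_PEER_SOURCEIP:-}" ]; then
        printf '%s\n' "$PLUTO_PEER_SOURCEIP"
    elif [ -n "${PLUTO_DNS4_1:-}" ]; then
        # Fallback: the pool's "dns" entry reused as the server's tunnel address
        # (assumed variable name; only valid when the pool's dns value really is
        # the server's peer address and resolv.conf handling is disabled).
        printf '%s\n' "$PLUTO_DNS4_1"
    else
        return 1
    fi
}

# xfrm_addr_cmd VERB: print the ip(8) command for up-client / down-client.
# Returns 1 when the peer address is unknown, 2 for an unsupported verb.
xfrm_addr_cmd() {
    verb="$1"
    me="${PLUTO_MY_SOURCEIP:?PLUTO_MY_SOURCEIP unset}"
    dev="xfrm${PLUTO_IF_ID_IN:?PLUTO_IF_ID_IN unset}"
    peer="$(peer_address)" || return 1
    case "$verb" in
        up-client)   action=add ;;
        down-client) action=del ;;
        *)           return 2 ;;
    esac
    printf 'ip addr %s %s peer %s dev %s\n' "$action" "$me" "$peer" "$dev"
}

# Stand-alone use: charon sets PLUTO_VERB; print (or pipe to sh) the result.
if [ -n "${PLUTO_VERB:-}" ]; then
    xfrm_addr_cmd "$PLUTO_VERB" || echo "updown: no peer address for $PLUTO_VERB" >&2
fi
```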



Re: [strongSwan] pools attrs

2021-04-07 Thread Volodymyr Litovka

Hi again,

and there are the following errors in the log which can be related to the issue -


Apr  7 22:48:55 s2 charon-systemd[25189]: processing INTERNAL_IP4_ADDRESS 
attribute
Apr  7 22:48:55 s2 charon-systemd[25189]: processing INTERNAL_IP4_NETMASK 
attribute
Apr  7 22:48:55 s2 charon-systemd[25189]: handling INTERNAL_IP4_NETMASK 
attribute failed
Apr  7 22:48:55 s2 charon-systemd[25189]: processing INTERNAL_IP4_SERVER 
attribute
Apr  7 22:48:55 s2 charon-systemd[25189]: handling INTERNAL_IP4_SERVER 
attribute failed
Apr  7 22:48:55 s2 charon-systemd[25189]: processing INTERNAL_IP4_DNS attribute
Apr  7 22:48:55 s2 charon-systemd[25189]: handling INTERNAL_IP4_DNS attribute 
failed

It seems the client side sees multiple attributes I configured on the remote side, but for some reason fails to process them.

Any suggestions on where to look for the problem?

Thank you

On 08.04.2021 01:20, Volodymyr Litovka wrote:


Hi colleagues,

are there any ways to get remote side attributes, specified in the "pools" section, like:


pools {
 s1-pool {
 addrs = 25.0.0.2-25.0.1.255
 netmask = "255.255.254.0"
 }
}

at the moment, my updown script on the client shows the following ones 
upon launch:


updown: PLUTO_PEER_ID=s1
updown: PLUTO_ME=10.1.2.10
updown: PLUTO_IF_ID_OUT=10
updown: PLUTO_PEER_CLIENT=0.0.0.0/0
updown: PLUTO_IF_ID_IN=10
updown: PLUTO_VERSION=1.1
updown: PLUTO_REQID=1
updown: PLUTO_MY_PORT=0
updown: PLUTO_MY_PROTOCOL=0
updown: PLUTO_PEER_PORT=0
updown: PLUTO_MY_SOURCEIP4_1=25.0.0.2
updown: PLUTO_CONNECTION=s2
updown: PLUTO_PEER_PROTOCOL=0
updown: PLUTO_MY_CLIENT=0.0.0.0/0
updown: PLUTO_MY_ID=s2
updown: PLUTO_PEER=10.1.1.10
updown: PLUTO_VERB=up-client
updown: PLUTO_INTERFACE=eth0
updown: PLUTO_UNIQUEID=1
updown: PLUTO_MY_SOURCEIP=25.0.0.2
updown: PLUTO_PROTO=esp
updown: PLUTO_UDP_ENC=4500

and there is no information on 'netmask' which is specified on the server.

Thank you.

--
Volodymyr Litovka
   "Vision without Execution is Hallucination." -- Thomas Edison


--
Volodymyr Litovka
  "Vision without Execution is Hallucination." -- Thomas Edison



[strongSwan] pools attrs

2021-04-07 Thread Volodymyr Litovka

Hi colleagues,

are there any ways to get remote side attributes, specified in the "pools" section, like:


pools {
 s1-pool {
 addrs = 25.0.0.2-25.0.1.255
 netmask = "255.255.254.0"
 }
}

at the moment, my updown script on the client shows the following ones 
upon launch:


updown: PLUTO_PEER_ID=s1
updown: PLUTO_ME=10.1.2.10
updown: PLUTO_IF_ID_OUT=10
updown: PLUTO_PEER_CLIENT=0.0.0.0/0
updown: PLUTO_IF_ID_IN=10
updown: PLUTO_VERSION=1.1
updown: PLUTO_REQID=1
updown: PLUTO_MY_PORT=0
updown: PLUTO_MY_PROTOCOL=0
updown: PLUTO_PEER_PORT=0
updown: PLUTO_MY_SOURCEIP4_1=25.0.0.2
updown: PLUTO_CONNECTION=s2
updown: PLUTO_PEER_PROTOCOL=0
updown: PLUTO_MY_CLIENT=0.0.0.0/0
updown: PLUTO_MY_ID=s2
updown: PLUTO_PEER=10.1.1.10
updown: PLUTO_VERB=up-client
updown: PLUTO_INTERFACE=eth0
updown: PLUTO_UNIQUEID=1
updown: PLUTO_MY_SOURCEIP=25.0.0.2
updown: PLUTO_PROTO=esp
updown: PLUTO_UDP_ENC=4500

and there is no information on 'netmask' which is specified on the server.

Thank you.

--
Volodymyr Litovka
  "Vision without Execution is Hallucination." -- Thomas Edison