Re: [strongSwan] pools attrs
Hello Volodymyr,

The attributes are unhandled because there is no handler registered for them in the code. You can extend the updown plugin to handle those attributes, but it's unlikely your changes would be merged because the updown plugin is considered deprecated.

Kind regards
Noel

On 08.04.21 at 11:25, Volodymyr Litovka wrote:
> [...]
Re: [strongSwan] pools attrs
In general, what I need to get: I'm trying to build a kind of mesh topology, where every host can be both client and server at the same time for different connections (it can accept connections and place connections to other hosts). Routing is OSPF-based, and in order to run OSPF over tunnels I need to specify addressing on the interface with a statement like the following:

  $ ip addr add ${PLUTO_MY_SOURCEIP} peer ${PLUTO_PEER_SOURCEIP} dev xfrm${PLUTO_IF_ID_IN}

- while on the server side I have both the server peer address (I just know it) and the client peer address (PLUTO_PEER_SOURCEIP),
- the issue is on the client side: it has only PLUTO_MY_SOURCEIP and no idea what PLUTO_PEER_SOURCEIP is.

What I want is to use any of the available attributes in the pools definition (e.g. "server") to signal the server's peer address to the remote side. I managed to work over the "dns" attribute (enabling dns_handler in updown.conf, while keeping resolve.conf disabled), but DNS is a widely used attribute and this trick can be inapplicable in most situations.

So the question is: how to get e.g. the "server" attribute in PLUTO_* variables?

On 08.04.2021 01:20, Volodymyr Litovka wrote:
> [...]

--
Volodymyr Litovka
"Vision without Execution is Hallucination." -- Thomas Edison
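As an added example, not a script from this thread or from strongSwan: a POSIX sh updown fragment for the client-side step described in the message above. It assumes charon invokes it with the PLUTO_* variables listed in the thread and only prints the ip commands rather than running them; because the addresses arrive from the remote peer via IKE, they are checked before being used as root, and the up-client case fails instead of guessing when PLUTO_PEER_SOURCEIP is absent.

```shell
#!/bin/sh
# Added example (not strongSwan's updown script): turn the PLUTO_* environment
# of an updown invocation into the iproute2 commands the thread needs for an
# xfrm interface with a point-to-point peer address. Commands are printed,
# not run, so the output can be reviewed or piped to sh.

# Shape check only (dotted quad); `ip` rejects out-of-range octets itself.
# Everything here was negotiated with the remote peer via IKE, so it is
# validated before it is interpolated into a command executed as root.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Prints the commands for PLUTO_VERB; returns 1 on malformed input and
# 2 when the client has no peer address to configure (the thread's problem).
xfrm_commands() {
    ifid="${PLUTO_IF_ID_IN:-}"
    case "$ifid" in ''|*[!0-9]*) return 1 ;; esac
    dev="xfrm${ifid}"
    case "${PLUTO_VERB:-}" in
    up-client)
        is_ipv4 "${PLUTO_MY_SOURCEIP:-}" || return 1
        is_ipv4 "${PLUTO_PEER_SOURCEIP:-}" || return 2
        case "${PLUTO_INTERFACE:-}" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
        echo "ip link add $dev type xfrm dev $PLUTO_INTERFACE if_id $ifid"
        echo "ip addr add $PLUTO_MY_SOURCEIP peer $PLUTO_PEER_SOURCEIP dev $dev"
        echo "ip link set $dev up"
        ;;
    down-client)
        echo "ip link del $dev"
        ;;
    *)
        return 1 ;;
    esac
}
```

Dropped into an updown script, `xfrm_commands | sh` applies the commands; exit status 2 is exactly the case the thread describes, where the client has been given no peer address to put on the interface.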
Re: [strongSwan] pools attrs
Hi again,

and there are the following errors in the log which can be related to the issue:

  Apr 7 22:48:55 s2 charon-systemd[25189]: processing INTERNAL_IP4_ADDRESS attribute
  Apr 7 22:48:55 s2 charon-systemd[25189]: processing INTERNAL_IP4_NETMASK attribute
  Apr 7 22:48:55 s2 charon-systemd[25189]: handling INTERNAL_IP4_NETMASK attribute failed
  Apr 7 22:48:55 s2 charon-systemd[25189]: processing INTERNAL_IP4_SERVER attribute
  Apr 7 22:48:55 s2 charon-systemd[25189]: handling INTERNAL_IP4_SERVER attribute failed
  Apr 7 22:48:55 s2 charon-systemd[25189]: processing INTERNAL_IP4_DNS attribute
  Apr 7 22:48:55 s2 charon-systemd[25189]: handling INTERNAL_IP4_DNS attribute failed

It seems the client side sees the multiple attributes I configured on the remote side, but for some reason fails to process them. Any suggestions on where to look for the problem?

Thank you

On 08.04.2021 01:20, Volodymyr Litovka wrote:
> [...]

--
Volodymyr Litovka
"Vision without Execution is Hallucination." -- Thomas Edison
[strongSwan] pools attrs
Hi colleagues,

are there any ways to get remote-side attributes specified in the "pools" section, like:

  pools {
    s1-pool {
      addrs = 25.0.0.2-25.0.1.255
      netmask = "255.255.254.0"
    }
  }

At the moment, my updown script on the client shows the following ones upon launch:

  updown: PLUTO_PEER_ID=s1
  updown: PLUTO_ME=10.1.2.10
  updown: PLUTO_IF_ID_OUT=10
  updown: PLUTO_PEER_CLIENT=0.0.0.0/0
  updown: PLUTO_IF_ID_IN=10
  updown: PLUTO_VERSION=1.1
  updown: PLUTO_REQID=1
  updown: PLUTO_MY_PORT=0
  updown: PLUTO_MY_PROTOCOL=0
  updown: PLUTO_PEER_PORT=0
  updown: PLUTO_MY_SOURCEIP4_1=25.0.0.2
  updown: PLUTO_CONNECTION=s2
  updown: PLUTO_PEER_PROTOCOL=0
  updown: PLUTO_MY_CLIENT=0.0.0.0/0
  updown: PLUTO_MY_ID=s2
  updown: PLUTO_PEER=10.1.1.10
  updown: PLUTO_VERB=up-client
  updown: PLUTO_INTERFACE=eth0
  updown: PLUTO_UNIQUEID=1
  updown: PLUTO_MY_SOURCEIP=25.0.0.2
  updown: PLUTO_PROTO=esp
  updown: PLUTO_UDP_ENC=4500

and there is no information on 'netmask', which is specified on the server.

Thank you.

--
Volodymyr Litovka
"Vision without Execution is Hallucination." -- Thomas Edison