[Swan-commit] Changes to ref refs/heads/main

New commits: commit d50778d1963733eb92f97c6d3d3443f89a1c3aaf Author: Andrew Cagney Date: Tue Feb 27 23:02:29 2024 -0500 ikev2: ikev2: in CREATE_CHILD_SA add/use reject_CREATE_CHILD_SA_response() Note that this preserves the current (broken) behaviour where the rejected child

[Swan-commit] Changes to ref refs/heads/main

New commits: commit 6b89b11c5c3955778eb02738cebfb3b44b992eb7 Author: Andrew Cagney Date: Tue Feb 27 21:26:10 2024 -0500 testing kvm: include failures in all.console.txt ___ Swan-commit mailing list Swan-commit@lists.libreswan.org

[Swan-commit] Changes to ref refs/heads/main

New commits: commit 8d7a8dc0749a298c1408a4110369c526d08fb115 Author: Andrew Cagney Date: Tue Feb 27 20:21:01 2024 -0500 testing kvm: replace the run() try catch with return codes ___ Swan-commit mailing list Swan-commit@lists.libreswan.org

[Swan-commit] Changes to ref refs/heads/main

New commits: commit e24422366a34ec51f48e78d27612476e35d656ab Author: Andrew Cagney Date: Tue Feb 27 11:48:45 2024 -0500 ikev2: in CREATE_CHILD_SA add/use reject_CREATE_CHILD_SA_request() ___ Swan-commit mailing list

[Swan-commit] Changes to ref refs/heads/main

New commits: commit 07ad99e165fc7698dfc0e582320a8151726039ef Author: Andrew Cagney Date: Tue Feb 27 18:01:23 2024 -0500 testing kvm: re-order all.console.verbose.txt code ___ Swan-commit mailing list Swan-commit@lists.libreswan.org

Re: [Swan] Possible to setup multiple connections, partly behind NAT?

> > pluto[30425]: "remotesite"[1] 203.0.113.55 #2: responder established Child > > SA using #1; IPsec tunnel [192.168.1.253-192.168.1.253:0-65535 0] -> > > [203.0.113.55-203.0.113.55:0-65535 0] {ESPinUDP=>0x7522bc14 <0x80c5c828 > > xfrm=AES_GCM_16_256-NONE NATD=203.0.113.55:4500 DPD=passive} >

[Swan-commit] Changes to ref refs/heads/main

New commits: commit 9be7671e121eee4d5d707b1a994cef5ef019b7a8 Author: Andrew Cagney Date: Tue Feb 27 09:20:16 2024 -0500 testing kvm: rename "verbose_txt"->"all_verbose_txt" ___ Swan-commit mailing list Swan-commit@lists.libreswan.org

[Swan-commit] Changes to ref refs/heads/main

New commits: commit cada9054e8afdd1465eed8df1ce2e7e2dbca8c37 Author: Andrew Cagney Date: Tue Feb 27 11:29:00 2024 -0500 ikev2: use ..._v2SA_...() when refering to IKEv2's SA payload Rename the confusing ..._childs_sa_...() and ..._child_sa_...().

Re: [Swan-dev] What does "missing v2CP reply" mean?

On Tue, 27 Feb 2024 at 05:10, Brady Johnson wrote: > > We tried several changes to the client nmstate configuration. Setting "ipv4: > dhcp: false" caused a configuration error in nmstate. We have created a bug > for that and the nmstate team is working on it. I didn't see it here

[Swan-commit] Changes to ref refs/heads/main

New commits: commit 81293526ebecda9ef9d2a98eca9eaea25f9d80ad Author: Andrew Cagney Date: Tue Feb 27 13:19:27 2024 -0500 testing sanitizers: trim guest-prompt-double.sed no longer needs to fix: west # west# in all.console.verbose.txt

Re: [Swan-dev] What does "missing v2CP reply" mean?

Right, but for this use case we didnt want the server to assign an IP to the client. Thanks, *Brady Johnson* Principal Software Engineer Telco Verification Ecosystems Engineering brady.john...@redhat.com On Tue, Feb 27, 2024 at 4:40 PM Paul Wouters wrote: > On Tue, 27 Feb 2024, Brady

Re: [Swan] Possible to setup multiple connections, partly behind NAT?

On Tue, 27 Feb 2024, Phil Nightowl wrote: pluto[30425]: "remotesite"[1] 203.0.113.55 #2: responder established Child SA using #1; IPsec tunnel [192.168.1.253-192.168.1.253:0-65535 0] -> [203.0.113.55-203.0.113.55:0-65535 0] {ESPinUDP=>0x7522bc14 <0x80c5c828 xfrm=AES_GCM_16_256-NONE

Re: [Swan-dev] What does "missing v2CP reply" mean?

On Tue, 27 Feb 2024, Brady Johnson via Swan-dev wrote: We tried several changes to the client nmstate configuration. Setting "ipv4: dhcp: false" caused a configuration error in nmstate. We have created a bug for that and the nmstate team is working on it. Then, we tried with the same client

[Swan-commit] Changes to ref refs/heads/main

New commits: commit bdc217083b4348ba3d75ac4fac48691913dd1f10 Author: Andrew Cagney Date: Tue Feb 27 09:39:06 2024 -0500 testing: delete unused sanitizers host-dig-sanitize.sed ipsec-ver-sanitize.sed local-tree.sed no-empty.sed pfkey-sanitize.sed

[Swan-commit] Changes to ref refs/heads/main

New commits: commit 6909831d45597351ee9c06fd2754e70eaf316503 Author: Andrew Cagney Date: Tue Feb 27 08:44:55 2024 -0500 id: clarify atoid() a little commit 38cb83a3bb3a6e2dd7fbff67301d86ba4e07b0ef Author: Andrew Cagney Date: Tue Feb 27 08:43:40 2024 -0500 testing: in

[Swan-commit] Changes to ref refs/heads/main

New commits: commit cd03247ce5f8ea5035b957bb3796ef09b2ec5327 Author: Andrew Cagney Date: Tue Feb 27 08:32:46 2024 -0500 logging: add pdbgf(), use ___ Swan-commit mailing list Swan-commit@lists.libreswan.org

[Swan-commit] Changes to ref refs/heads/main

New commits: commit 709f41c1abab22b00a2544308f7d80e712c4a5db Author: Andrew Cagney Date: Tue Feb 27 08:26:13 2024 -0500 testing: update impair-install-ipsec-sa-* expect TEMPORARY_FAILURE ___ Swan-commit mailing list

Re: [Swan-dev] What does "missing v2CP reply" mean?

We tried several changes to the client nmstate configuration. Setting "ipv4: dhcp: false" caused a configuration error in nmstate. We have created a bug for that and the nmstate team is working on it. Then, we tried with the same client nmstate configuration, but added "leftmodecfgclient: false"

Re: [Swan] Possible to setup multiple connections, partly behind NAT?

Out of other ideas, I resorted to debug logs. To me, the more interesting part seems to be the initiator, since the responder reports to have established a tunnel successfully: pluto[30425]: "remotesite"[1] 203.0.113.55 #2: responder established Child SA using #1; IPsec tunnel