On Sun, 30 Aug 2015, D. Hugh Redelmeier wrote:
Subject: [Swan-dev] interop-ikev2-racoon-02-psk-responder test
I just ran the test suite to test some changes before committing them.
The only regression (i.e. the only test that passed yesterday but failed
today) is interop-ikev2-racoon-02-psk-responder.
It fails with this message in the console log:
+002 "westnet-eastnet-ikev2" #2: invalid padding-length octet: 0x23
I think that this is an oblique way of saying that the encrypted payload
smells bad and will be rejected. If so, it isn't really user-friendly.
This message appeared a long time ago when Andrew redid our CBC-only
crypto to CBC/CTR/GCM. We could never figure out why racoon did this, as
other interop tests with strongswan worked fine. I think this might be a
bug in racoon2. No one is really using or developing racoon2 AFAIK. In
fact, racoon1 (aka ipsec-tools) sees more development still, but has no
IKEv2 support.
Paul