On Wed, 6 Jul 2016, D. Hugh Redelmeier wrote: I've gone through these and just commited the fixes listed below.
Some issues do need to get looked at before 3.18 Paul basic-pluto-00 failed west:output-different <== no hope of working FIXED ikev2-delete-02 failed east:output-different west:output-different <== reference logs obsolete LEAK REPORT ADDED ikev2-12-x509-ikev1-rw failed west:output-different <=== leak reported EAST DID NOT PROCESS TRANSPORT NOTIFY ikev2-12-transport-psk failed east:output-different west:output-different <== local policy requires Transport Mode but peer requires required Tunnel Mode FIXED ikev2-32-nat-rw-rekey failed east:EXPECTATION road:output-different <== lease newly reported??? GROUTED POLICY NEW? newoe-25-cat-2 failed road:output-different <== west conns not loaded? FIXED newoe-25-cat-3-4-way failed east:output-different north:output-different road:output-different west:output-different <=== road diagram changed EPHEMERAL newoe-25-cat-4 failed east:output-different road:output-different west:output-different <== not clear CLEAR policy for nic and host added ?? newoe-25-cat-5 failed east:output-different road:output-different <=== not clear EPHEMERAL dpd-01 failed west:output-different <== timing of SA? EPHEMERAL plus ping fix dpd-04 failed east:output-different west:output-different <== address and port changes? EPHEMERAL plus ping fix dpd-05 failed west:output-different <== port change EPHEMERAL plus ping fix dpd-06 failed west:output-different <== new bad iptables rules? FIXED SINCE ikev2-liveness-05 failed east:output-different west:output-different <== no longer KLIPS? FIXED SINCE ikev2-liveness-06 failed east:EXPECTATION,output-different road:output-different <== no longer KLIPS? FIXED SINCE ikev2-liveness-07 failed east:EXPECTATION,output-different road:output-different <== no longer KLIPS? FIXED SINCE ikev2-liveness-08-drop failed east:output-different west:output-different <== no longer KLIPS? KNOWN refhim= delete bug delete-sa-03 failed east:output-different west:output-different <== refhim FIXED x509-pluto-02 failed north:output-different <== no outBytes WORKSFORME x509-pluto-frag-01 failed road:output-different <= retransmission message WORKSFORME nat-pluto-04 failed east:output-different road:output-different <== ? FIXED ikev1-algo-ike-aes-02 failed east:output-different west:output-different <== no longer KLIPS WORKSFORME psk-pluto-02 incomplete east:output-different road:output-different <== INVALID_HASH_INFORMATION ? FIXED xauth-pluto-12 failed east:output-different road:output-different <== no longer KLIPS FIXED xauth-pluto-15 failed east:output-different road:output-different <== no longer KLIPS EPHEMERAL xauth-pluto-17 failed east:output-different <== swapped IP in XFRM ? EPHEMERAL xauth-pluto-18 failed east:output-different <== swapped IP in XFRM ? NEEDS INVESTIGATINH basic-pluto-12 failed east:output-different west:output-different <== lots of additional activity FIXED SINCE interop-ikev2-strongswan-16-ah-initiator-sha512 failed west:output-different <== cert req changed? WORKSFORME interop-ikev2-strongswan-17-ah-initiator-sha256 failed west:output-different <== cert req changed? FIXED SINCE and WORKSFORME interop-ikev1-strongswan-15-twofish failed east:output-different west:output-different <== message ignored because it contains an unexpected payload type (ISAKMP_NEXT_HASH) FIXED SINCE and WORKSFORME interop-ikev1-strongswan-16-serpent failed east:output-different west:output-different <== message ignored because it contains an unexpected payload type (ISAKMP_NEXT_HASH) WORKSFORME ipv6-tunnel-mode-02-netkey-netkey failed east:output-different west:output-different <== failure to communicate WORKSFORME ipv6-tunnel-mode-04-rw failed east:output-different road:output-different <== failure to communicate NEEDS INVESTIGATION interop-ikev2-racoon-02-psk-responder failed east:output-different west:output-different <== ? WORKSFORME interop-ikev2-strongswan-03-psk-initiator failed west:output-different <== cert request different [but PSK??] WORKSFORME interop-ikev2-strongswan-04-x509-responder failed west:output-different <== failed to negoriate WORKSFORME interop-ikev2-strongswan-07-strongswan failed west:output-different <== cert request different WORKSFORME interop-ikev2-strongswan-13-ah-initiator failed west:output-different <== cert request different WORKSFORME interop-ikev2-strongswan-14-delete-sa failed west:output-different <== cert request different NEEDS INVESTIGATION interop-ikev2-strongswan-15-create_child_sa incomplete east:output-different west:output-different <== ss cannot parse ls message WORKSFORME interop-ikev2-strongswan-17-delete-sa-responder failed west:output-different <== cert request different WORKSFORME interop-ikev2-strongswan-27-fragmentation failed west:output-different <== negotiation failed FIXED SINCE interop-ikev2-strongswan-28-reauth failed west:output-different <== cert request different NEEDS INVESTIGATION (auto=add conn failed!) dnssec-pluto-01 failed west:output-different <== westnet-eastnet-etc-hosts-auto-add missing NEEDS INVESTIGATION (but old bug) l2tp-01 failed east:output-different north:output-different <== test changed? No longer KLIPS? NEEDS INVESTIGATION (but old bug) l2tp-02 failed east:output-different north:output-different <== test changed? No longer KLIPS? DIDNT START fips-08-ikev2-x509 failed east:output-different west:output-different <== test changed? No longer KLIPS? WORKSFORME nss-cert-04 failed west:output-different <== ignoring retry? RERUN nss-cert-05 failed east:EXPECTATION west:output-different <== ignoring retry? RERUN nss-cert-08-mismatch failed west:EXPECTATION,output-different <== logging seems to have changed RERUN nss-cert-chain-02 failed west:output-different <== retransmission different RERUN nss-cert-crl-02 failed west:output-different <== duplicate packet RERUN nss-cert-nosecret failed east:output-different west:output-different <== certs or keys different? RERUN nss-cert-ocsp-01-strict failed west:output-different <== negotiation failed RERUN nss-cert-ocsp-02 failed east:output-different west:output-different <== no "certificate revoked"; cert accepted!! RERUN nss-cert-ocsp-02-ikev2 failed east:output-different west:output-different <== no "certificate revoked"; cert accepted!! RERUN nss-cert-ocsp-02-strict failed east:output-different west:output-different <== no "certificate revoked"; cert rejected for a different reason RERUN nss-cert-ocsp-03-strict failed west:output-different <== lots more retransmissions RERUN nss-cert-ocsp-04 failed west:output-different <== negotiation succeeded (mistake??) RERUN nss-cert-ocsp-04-strict failed west:output-different <= old: INVALID_ID_INFORMATION, new: INVALID_KEY_INFORMATION ??? RERUN nss-cert-ocsp-05-strict failed west:output-different <== negotiation failure when success is expected RERUN nss-cert-ocsp-06 failed west:output-different <== negotiation success when failure expected RERUN nss-cert-ocsp-07-nourl failed east:output-different west:output-different <== no "certificate revoked!", negotiation unexpectedly succeeded _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
