On Sun, 9 Jul 2017, D. Hugh Redelmeier wrote:
I get a lot of errors when I run the tests. Can folks work on fixing them? In some cases, the fix is to update the reference logs.
Lots of people have been in transit, including me :/
lost a data packet -- probably nothing to be done
Yeah :/
?? different traffic, extra "src" certoe-07-nat-2-clients/OUTPUT/road.console.diff certoe-07-nat-2-clients/OUTPUT/east.console.diff
You didn't provide a link or diff, so hard for me to tell what extra "src" means.
New warning? clear-or-private#192.1.2.0/24 #1 not fetching ipseckey that end rsasigkey != %dnsondemand can only query DNS for IPSECKEY for ID that is a FQDN, IPV4_ADDR, or IPV6_ADDR id type=ID_NULL IKEv2_AUTH_NULL remote=192.1.2.254 thatid=ID_NULL
Those are indeed new. I had not yet added them because I wasn't sure if these would remain. It seems it always triggers a "packet received and ignored during crypto/dns work".
New retransmit interval not reflected in logs? delete-sa-04/OUTPUT/east.console.diff ... and states numbered differently? delete-sa-04/OUTPUT/west.console.diff
I don't know why the state numbers are different. Which is why it was not yet updated by me.
tunnel missing? dnsoe-01/OUTPUT/road.console.diff dnsoe-01/OUTPUT/east.console.diff dnsoe-02/OUTPUT/road.console.diff dnsoe-02/OUTPUT/east.console.diff
Most likely you did not run "make kvm-keys" before the test, and the DNSSEC signed zones expired? Or some other bind related package is not yet installed on your nic instance?
missing interfaces: dynamic-iface-01/OUTPUT/west.console.diff
That also needs investigating still.
cert-related error? +003 "westnet-eastnet-ikev2" #2: ID_DER_ASN1_DN '[email protected],CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' does not match expected 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, [email protected]'
That's odd because those two are the same? That would indicate a bug?
missing connection ikev1-aggr-sendcert-01/OUTPUT/north.console.diff ikev1-aggr-sendcert-01/OUTPUT/east.console.diff
Will investigate those. There were some changes in the aggrmode code.
negotiation went off rails ikev1-rekey-connswitch/OUTPUT/east.console.diff ikev1-rekey-connswitch/OUTPUT/west.console.diff
Actively working on that now. I pushed part of the fix yesterday. There is still the issue of the CA matching (the match2 variable) going wrong.
different informational payload generated?? -003 "san" #1: ignoring informational payload INVALID_ID_INFORMATION, msgid=00000000, length=12 +003 "san" #1: ignoring informational payload INVALID_KEY_INFORMATION, msgid=00000000, length=12 ikev1-x509-05-san-firstemail-match/OUTPUT/west.console.diff
I'll fix those up when the connswitch stuff works, as I will need to rerun all the SAN test cases for that.
different informational payload generated?? -002 "san" #1: Peer public key is not available for this exchange -218 "san" #1: STATE_MAIN_I3: INVALID_ID_INFORMATION -002 "san" #1: sending encrypted notification INVALID_ID_INFORMATION to 192.1.2.23:500 +003 "san" #1: no RSA public key known for '[email protected]' +217 "san" #1: STATE_MAIN_I3: INVALID_KEY_INFORMATION +002 "san" #1: sending encrypted notification INVALID_KEY_INFORMATION to 192.1.2.23:500 ikev1-x509-06-san-email-mismatch/OUTPUT/west.console.diff ikev1-x509-08-san-dns-mismatch/OUTPUT/west.console.diff different informational payload generated?? -003 "san" #1: ignoring informational payload INVALID_ID_INFORMATION, msgid=00000000, length=12 +003 "san" #1: ignoring informational payload INVALID_KEY_INFORMATION, msgid=00000000, length=12 ikev1-x509-07-san-ip-mismatch/OUTPUT/west.console.diff ikev1-x509-aggr-05-san-firstemail-match/OUTPUT/west.console.diff
same.
negotiation went off rails +003 "san" #1: ignoring informational payload INVALID_KEY_INFORMATION, msgid=00000000, length=12 ikev1-x509-12-san-dn-match/OUTPUT/east.console.diff ikev1-x509-12-san-dn-match/OUTPUT/west.console.diff ikev1-x509-13-san-dn-mismatch/OUTPUT/east.console.diff ikev1-x509-13-san-dn-mismatch/OUTPUT/west.console.diff
Same.
Paul
_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev
