Hi All:
/var/log/pluto.log writes:
=========================
| peer client is fd6f:d30:1bb6:b419::1
| peer client protocol/port is 17/0
| our client is fd1d:d30:1bb6:b419::1
| our client protocol/port is 17/0
"ip6.tun0" #113: the peer proposed: fd1d:d30:1bb6:b419::1/128:0/0 -> fd6f:d30:1bb6:b419::1/128:0/0
| find_client_connection starting with ip6.tun0
|   looking for fd1d:d30:1bb6:b419::1/128:17/0 -> fd6f:d30:1bb6:b419::1/128:17/0

Because "0/0" is NOT "17/0", find_client_connection() returns NULL. As a result,
quick_inI1_outR1_authtail() fails with "cannot respond to IPsec SA request because no
connection is known for" and "sending encrypted notification
INVALID_ID_INFORMATION to".

Question: how to set the local protocol to 17 (UDP) instead of 0?


Corresponding source code:
==================
quick_inI1_outR1_authtail()
{
	……
	libreswan_log("the peer proposed: %s:%d/%d -> %s:%d/%d",
		      s1, c->spd.this.protocol, c->spd.this.port,	/* <== "spd" is "struct spd_route" */
		      d1, c->spd.that.protocol, c->spd.that.port);
	……
}

quick_inI1_outR1_authtail() calls find_client_connection()

find_client_connection()
{
	….
	DBG_log("  looking for %s:%d/%d -> %s:%d/%d",
		s1, our_protocol, our_port,
		d1, peer_protocol, peer_port);
	….
	if (samesubnet(&sr->this.client, our_net) &&
	    samesubnet(&sr->that.client, peer_net) &&
	    sr->this.protocol == our_protocol &&	/* <== Does NOT match. "sr" is "struct spd_route". As a result, failed. */
	    (!sr->this.port || sr->this.port == our_port) &&
	    (sr->that.protocol == peer_protocol) &&
	    (!sr->that.port || sr->that.port == peer_port)) {
		passert(oriented(*c));
		if (routed(sr->routing))
			return c;	/* <== We expect return here, but …. */
		unrouted = c;
	}
	….
}

“spd.this.protocol” is the same as “sr->this.protocol”



                                          
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
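
The selector test quoted in the message above, as an added example that is not part of the original post and not libreswan code: a simplified model showing that a configured port of 0 acts as a wildcard while the protocol must be equal, so 0/0 never matches a 17/0 proposal. The struct layout, the function names, the string comparison standing in for samesubnet(), and the fallback to an unrouted match are assumptions; the tables are constructed.

```c
/* Added illustration; hypothetical names, not libreswan's own types or functions. */
#include <stdio.h>
#include <string.h>

struct end { const char *client; int protocol; int port; };
struct route { struct end this, that; int routed; };

/* Same shape as the quoted condition: protocol must be equal,
 * a configured port of 0 accepts any proposed port. */
static int end_matches(const struct end *cfg, const char *net, int proto, int port)
{
	return strcmp(cfg->client, net) == 0 &&   /* stands in for samesubnet() */
	       cfg->protocol == proto &&
	       (!cfg->port || cfg->port == port);
}

/* Index of the first routed match, else an unrouted match (assumed), else -1. */
int find_route(const struct route *tab, int n,
	       const char *our_net, int our_proto, int our_port,
	       const char *peer_net, int peer_proto, int peer_port)
{
	int unrouted = -1;
	for (int i = 0; i < n; i++) {
		if (end_matches(&tab[i].this, our_net, our_proto, our_port) &&
		    end_matches(&tab[i].that, peer_net, peer_proto, peer_port)) {
			if (tab[i].routed)
				return i;
			unrouted = i;
		}
	}
	return unrouted;
}

#define OUR  "fd1d:d30:1bb6:b419::1/128"
#define PEER "fd6f:d30:1bb6:b419::1/128"

/* Constructed tables: sample[0] mirrors the 0/0 selectors seen in the log. */
const struct route sample[] = {
	{ { OUR, 0, 0 },     { PEER, 0, 0 },     1 },
	{ { OUR, 17, 1701 }, { PEER, 17, 1701 }, 1 },
};
const struct route udp_any[] = { { { OUR, 17, 0 }, { PEER, 17, 0 }, 1 } };

int main(void)
{
	printf("0/0 table vs 17/0 proposal: %d\n", find_route(sample, 2, OUR, 17, 0, PEER, 17, 0));
	printf("17/0 table vs 17/0 proposal: %d\n", find_route(udp_any, 1, OUR, 17, 0, PEER, 17, 0));
	return 0;
}
```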
