On 8 Jun 2016 8:52 p.m., "Paul Wouters" <[email protected]> wrote:
>
> On Thu, 2 Jun 2016, Daniel J Blueman wrote:
>
>> Using the current libreswan release in the core CentOS 6 repo
>> (libreswan-3.15-5.3) with a road-warrior configuration [1] with a
>> Windows 10 client and cert auth, I'm seeing libreswan reply to the
>> initial IKEv2 setup packets on port 500, rather than the correct
>> source port, needed to pass through routers; we see:
>>
>> 19:45:16.061582 IP 66.96.193.199.1024 > 195.119.250.13.500: isakmp:
>> parent_sa ikev2_init[I]
>> 19:45:16.071924 IP 195.119.250.13.500 > 66.96.193.199.500: isakmp:
>> parent_sa ikev2_init[R]
>
>
> That should not happen. It is clearly a bug.
>
>
>> This issue occurs on libreswan 3.17 also, so I traced back the
>> incorrect remote port number to the connection lookup code, clearly
>> the right section in the debug logs [2]. Rewriting the port number [3]
>> fixes the behaviour.
>
>
> If we are not switching connections, it should not have the wrong port.
> But since this is IKE_INIT, I would not expect it to switch connections
> at all.
>
> I'm looking into the issue.

Thanks for taking a look! I can test out any changes as and when.

Dan
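Added example, not part of the original thread and not libreswan code: a check that reads tcpdump text output and flags IKE_SA_INIT responses sent to a port other than the one the request came from, which is the symptom reported above. The function name and the second exchange in the sample (documentation addresses 198.51.100.7 and 192.0.2.1) are constructed for illustration; the first two lines are the ones quoted in the report, unwrapped onto single lines.

```python
import re

# Constructed sample input: lines 1-2 are from the report (unwrapped),
# lines 3-4 are a constructed exchange where the reply port is correct.
CAPTURE = """\
19:45:16.061582 IP 66.96.193.199.1024 > 195.119.250.13.500: isakmp: parent_sa ikev2_init[I]
19:45:16.071924 IP 195.119.250.13.500 > 66.96.193.199.500: isakmp: parent_sa ikev2_init[R]
19:46:02.000100 IP 198.51.100.7.61002 > 192.0.2.1.500: isakmp: parent_sa ikev2_init[I]
19:46:02.010200 IP 192.0.2.1.500 > 198.51.100.7.61002: isakmp: parent_sa ikev2_init[R]
"""

# Only the IKE_SA_INIT exchange in the form shown above is handled:
# a request tagged [I] and its response tagged [R], over IPv4.
LINE = re.compile(
    r"^(\S+) IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): "
    r"isakmp: .*ikev2_init\[(I|R)\]"
)


def misdirected_replies(capture):
    """Return (time, responder, initiator, reply_port, request_ports) for each
    response whose destination port was never used as a request source port."""
    seen = {}  # (initiator_ip, responder_ip, responder_port) -> request source ports
    findings = []
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts, src, sport, dst, dport, role = m.groups()
        sport, dport = int(sport), int(dport)
        if role == "I":
            # Several clients may share one NAT address, so keep every port.
            seen.setdefault((src, dst, dport), set()).add(sport)
        else:
            request_ports = seen.get((dst, src, sport))
            # A response with no matching request in the capture is skipped.
            if request_ports and dport not in request_ports:
                findings.append((ts, src, dst, dport, sorted(request_ports)))
    return findings


if __name__ == "__main__":
    for ts, responder, initiator, got, wanted in misdirected_replies(CAPTURE):
        print(f"{ts} {responder} replied to {initiator}:{got}, request came from {wanted}")
```
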
