Thanks. Here's the only bit of the log that's needed: Nov 1 03:11:55.547595: | ***parse IKEv2 Configuration Payload Attribute: Nov 1 03:11:55.547626: | Attribute Type: IKEv2_INTERNAL_IP4_ADDRESS (0x1) Nov 1 03:11:55.547653: | length/value: 0 (00 00) Nov 1 03:11:55.547687: | connection both thinks it has, and really has a lease Nov 1 03:11:55.547754: | ***parse IKEv2 Configuration Payload Attribute: Nov 1 03:11:55.547780: | Attribute Type: IKEv2_INTERNAL_IP4_DNS (0x3) Nov 1 03:11:55.547808: | length/value: 0 (00 00) Nov 1 03:11:55.547835: | ignoring attribute IKEv2_INTERNAL_IP4_DNS length 0 Nov 1 03:11:55.547859: | ***parse IKEv2 Configuration Payload Attribute: Nov 1 03:11:55.547885: | Attribute Type: IKEv2_INTERNAL_IP4_NBNS (0x4) Nov 1 03:11:55.547913: | length/value: 0 (00 00) Nov 1 03:11:55.547940: | ignoring attribute IKEv2_INTERNAL_IP4_NBNS length 0 Nov 1 03:11:55.547982: "MYCONN-ikev2-cp"[2] 188.252.197.105 #4: ERROR: malformed CP attributeAttribute Type of IKEv2 Configuration Payload Attribute has an unknown value: 23456 (0x5ba0) Nov 1 03:11:55.548011: | should_send_delete: #4? no, IKEv2 SA in state STATE_V2_IKE_AUTH_CHILD_R0 is not established
Try 2cc01a03a8c4bcfcb7c808f233756e96bdb6cfbe On Mon, 31 Oct 2022 at 22:16, Mirsad Goran Todorovac < [email protected]> wrote: > Thanks you, Sir! > > Actually, the connection was never established. > > The error mesg in Win 10 is: > > The "first bad commit" session log is here: > https://magrf.grf.hr/~mtodorov/tmp/ikev2-ipv4-20221101-01.log > > Kind regards, > Mirsad > On 10/31/2022 8:45 PM, Andrew Cagney wrote: > > Nice work. > > > I have noticed today (after having figured out how to connect IPv4-only > from Windows 10) that I lose connectivity > with github libreswan, while I still had it with libreswan-4.9 from > tarball. > > When you say "lose" connectivity, do you mean it never connects or dies > after a short while? > > > https://github.com/libreswan/libreswan/commit/bc47dcf87733484f5701b02212c3015a711ca1a9 > added code to check the content of the CP payload so, presumably, microsoft > is sending something pluto didn't expect. > > Was there an error related to CP in the logs? And if possible try a test > run with debug=all enabled so that the CP payloads are captured and put > that in a bug. > > > > > On Mon, 31 Oct 2022 at 15:07, Mirsad Goran Todorovac < > [email protected]> wrote: > >> Hi all, >> >> I have noticed today (after having figured out how to connect IPv4-only >> from Windows 10) that I lose connectivity >> with github libreswan, while I still had it with libreswan-4.9 from >> tarball. >> >> I felt inspired and bisect gave this (at this commit I lost IPv4 Win 10 >> connectivity): >> >> git bisect good e75c5ce30d7b6e5311dd05a4d0512a5f61add78f >> # bad: [4e1ceb32c64b8b077c41c538e39c5b6252b826b6] connections: pass >> struct connection_end into extract_end() >> git bisect bad 4e1ceb32c64b8b077c41c538e39c5b6252b826b6 >> # bad: [bc47dcf87733484f5701b02212c3015a711ca1a9] ikev2: during IKE_AUTH >> parse IKEv2 CP requests >> git bisect bad bc47dcf87733484f5701b02212c3015a711ca1a9 >> # good: [823443d6c796340128720a295c99f7eacae09d67] connections: (more) >> use ...->host->config rather than ...->config->host >> git bisect good 823443d6c796340128720a295c99f7eacae09d67 >> # first bad commit: [bc47dcf87733484f5701b02212c3015a711ca1a9] ikev2: >> during IKE_AUTH parse IKEv2 CP requests >> root@magrf:~/libreswan# >> >> Windows specs: >> >> >> VPN server is on Debian 11 Bullseye and stock kernel, on a rather old >> development can. >> >> Hope this helps. >> >> Kind regards, >> Mirsad >> >> -- >> Mirsad Todorovac >> Sistem inženjer >> Grafički fakultet | Akademija likovnih umjetnosti >> Sveučilište u Zagrebu >> -- >> System engineer >> Faculty of Graphic Arts | Academy of Fine Arts >> University of Zagreb, Republic of Croatia >> tel. +385 (0)1 3711 451 >> mob. +385 91 57 88 355 >> >> -- > Mirsad Todorovac > Sistem inženjer > Grafički fakultet | Akademija likovnih umjetnosti > Sveučilište u Zagrebu > -- > System engineer > Faculty of Graphic Arts | Academy of Fine Arts > University of Zagreb, Republic of Croatia > tel. +385 (0)1 3711 451 > mob. +385 91 57 88 355 > >
_______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
