Yes, this fixed this issue. :)
Now the Win 10 client connected:
Thanks.
Now only to make IPv6-over-IPv6 connection work.
However, restoring IPv4 VPN regression after upgrade to IPv6 will
suffice. IPv6 VPN would be a nice
thing to have, especially dual-stack, IMHO but any VPN is better than
broken VPN (as a quantum difference).
Kind regards,
Mirsad
On 11/1/2022 3:45 AM, Andrew Cagney wrote:
Thanks. Here's the only bit of the log that's needed:
Nov 1 03:11:55.547595: | ***parse IKEv2 Configuration Payload Attribute:
Nov 1 03:11:55.547626: | Attribute Type: IKEv2_INTERNAL_IP4_ADDRESS (0x1)
Nov 1 03:11:55.547653: | length/value: 0 (00 00)
Nov 1 03:11:55.547687: | connection both thinks it has, and really has a lease
Nov 1 03:11:55.547754: | ***parse IKEv2 Configuration Payload Attribute:
Nov 1 03:11:55.547780: | Attribute Type: IKEv2_INTERNAL_IP4_DNS (0x3)
Nov 1 03:11:55.547808: | length/value: 0 (00 00)
Nov 1 03:11:55.547835: | ignoring attribute IKEv2_INTERNAL_IP4_DNS length 0
Nov 1 03:11:55.547859: | ***parse IKEv2 Configuration Payload Attribute:
Nov 1 03:11:55.547885: | Attribute Type: IKEv2_INTERNAL_IP4_NBNS (0x4)
Nov 1 03:11:55.547913: | length/value: 0 (00 00)
Nov 1 03:11:55.547940: | ignoring attribute IKEv2_INTERNAL_IP4_NBNS length 0
Nov 1 03:11:55.547982: "MYCONN-ikev2-cp"[2] 188.252.197.105 #4: ERROR:
malformed CP attributeAttribute Type of IKEv2 Configuration Payload Attribute has an
unknown value: 23456 (0x5ba0)
Nov 1 03:11:55.548011: | should_send_delete: #4? no, IKEv2 SA in state
STATE_V2_IKE_AUTH_CHILD_R0 is not established
Try 2cc01a03a8c4bcfcb7c808f233756e96bdb6cfbe
On Mon, 31 Oct 2022 at 22:16, Mirsad Goran Todorovac
<[email protected]> wrote:
Thanks you, Sir!
Actually, the connection was never established.
The error mesg in Win 10 is:
The "first bad commit" session log is here:
https://magrf.grf.hr/~mtodorov/tmp/ikev2-ipv4-20221101-01.log
Kind regards,
Mirsad
On 10/31/2022 8:45 PM, Andrew Cagney wrote:
Nice work.
> I have noticed today (after having figured out how to connect
IPv4-only from Windows 10) that I lose connectivity
with github libreswan, while I still had it with libreswan-4.9
from tarball.
When you say "lose" connectivity, do you mean it never connects
or dies after a short while?
https://github.com/libreswan/libreswan/commit/bc47dcf87733484f5701b02212c3015a711ca1a9
added code to check the content of the CP payload so, presumably,
microsoft is sending something pluto didn't expect.
Was there an error related to CP in the logs? And if possible try
a test run with debug=all enabled so that the CP payloads are
captured and put that in a bug.
On Mon, 31 Oct 2022 at 15:07, Mirsad Goran Todorovac
<[email protected]> wrote:
Hi all,
I have noticed today (after having figured out how to connect
IPv4-only from Windows 10) that I lose connectivity
with github libreswan, while I still had it with
libreswan-4.9 from tarball.
I felt inspired and bisect gave this (at this commit I lost
IPv4 Win 10 connectivity):
git bisect good e75c5ce30d7b6e5311dd05a4d0512a5f61add78f
# bad: [4e1ceb32c64b8b077c41c538e39c5b6252b826b6]
connections: pass struct connection_end into extract_end()
git bisect bad 4e1ceb32c64b8b077c41c538e39c5b6252b826b6
# bad: [bc47dcf87733484f5701b02212c3015a711ca1a9] ikev2:
during IKE_AUTH parse IKEv2 CP requests
git bisect bad bc47dcf87733484f5701b02212c3015a711ca1a9
# good: [823443d6c796340128720a295c99f7eacae09d67]
connections: (more) use ...->host->config rather than
...->config->host
git bisect good 823443d6c796340128720a295c99f7eacae09d67
# first bad commit:
[bc47dcf87733484f5701b02212c3015a711ca1a9] ikev2: during
IKE_AUTH parse IKEv2 CP requests
root@magrf:~/libreswan#
Windows specs:
VPN server is on Debian 11 Bullseye and stock kernel, on a
rather old development can.
Hope this helps.
Kind regards,
Mirsad
--
Mirsad Todorovac
Sistem inženjer
Grafički fakultet | Akademija likovnih umjetnosti
Sveučilište u Zagrebu
--
System engineer
Faculty of Graphic Arts | Academy of Fine Arts
University of Zagreb, Republic of Croatia
tel. +385 (0)1 3711 451
mob. +385 91 57 88 355
--
Mirsad Todorovac
Sistem inženjer
Grafički fakultet | Akademija likovnih umjetnosti
Sveučilište u Zagrebu
--
System engineer
Faculty of Graphic Arts | Academy of Fine Arts
University of Zagreb, Republic of Croatia
tel. +385 (0)1 3711 451
mob. +385 91 57 88 355
--
Mirsad Todorovac
Sistem inženjer
Grafički fakultet | Akademija likovnih umjetnosti
Sveučilište u Zagrebu
--
System engineer
Faculty of Graphic Arts | Academy of Fine Arts
University of Zagreb, Republic of Croatia
tel. +385 (0)1 3711 451
mob. +385 91 57 88 355
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
