Thanks for the extra general regression check Simon!
And also for the documentation of the detailed tests you did.
I used that to test Artful and Zesty as well.
Files as outlined by Simon Deziel, just in my case IPs different.
Note: needs hosts file on east and west.
zesty
169.254.6.1 => 192.168.122.226
169.254.6.2 => 192.168.122.224
artful
169.254.6.1 => 192.168.122.220
169.254.6.2 => 192.168.122.228
= ZESTY =
Before Fix:
ubuntu@zesty-east:~$ sudo systemctl status strongswan
[...]
Jan 02 09:52:26 zesty-east charon[2792]: 14[NET] sending packet: from
192.168.122.226[500] to 192.168.122.224[500] (124 bytes)
Jan 02 09:52:26 zesty-east charon[2792]: 15[NET] received packet: from
192.168.122.224[500] to 192.168.122.226[500] (92 bytes)
Jan 02 09:52:26 zesty-east charon[2792]: 15[ENC] invalid HASH_V1 payload
length, decryption failed?
Jan 02 09:52:26 zesty-east charon[2792]: 15[ENC] could not decrypt payloads
Jan 02 09:52:26 zesty-east charon[2792]: 15[IKE] message parsing failed
Jan 02 09:52:26 zesty-east charon[2792]: 15[IKE] ignore malformed INFORMATIONAL
request
Jan 02 09:52:26 zesty-east charon[2792]: 15[IKE] INFORMATIONAL_V1 request with
message ID 2973179323 processing failed
After fix is on West:
$ sudo systemctl status strongswan
[...]
Jan 02 09:56:32 zesty-east charon[2954]: 11[NET] sending packet: from
192.168.122.226[500] to 192.168.122.224[500] (220 bytes)
Jan 02 09:56:32 zesty-east charon[2954]: 12[NET] received packet: from
192.168.122.224[500] to 192.168.122.226[500] (188 bytes)
Jan 02 09:56:32 zesty-east charon[2954]: 12[ENC] parsed QUICK_MODE response
3423563956 [ HASH SA No ID ID ]
Jan 02 09:56:32 zesty-east charon[2954]: 12[IKE] CHILD_SA lp-east01{1}
established with SPIs c223f7cc_i c35801f3_o and TS 192.168.122.226/32 === 1
Jan 02 09:56:32 zesty-east charon[2954]: 12[IKE] CHILD_SA lp-east01{1}
established with SPIs c223f7cc_i c35801f3_o and TS 192.168.122.226/32 === 1
Jan 02 09:56:32 zesty-east charon[2954]: 12[ENC] generating QUICK_MODE request
3423563956 [ HASH ]
Jan 02 09:56:32 zesty-east charon[2954]: 12[NET] sending packet: from
192.168.122.226[500] to 192.168.122.224[500] (76 bytes
= ARTFUL =
Before Fix:
ubuntu@artful-east:~$ sudo systemctl status strongswan
[...]
Jan 02 09:53:39 artful-east charon[2004]: 10[NET] sending packet: from
192.168.122.220[500] to 192.168.122.228[500] (124 bytes)
Jan 02 09:53:39 artful-east charon[2004]: 11[NET] received packet: from
192.168.122.228[500] to 192.168.122.220[500] (92 bytes)
Jan 02 09:53:39 artful-east charon[2004]: 11[ENC] invalid HASH_V1 payload
length, decryption failed?
Jan 02 09:53:39 artful-east charon[2004]: 11[ENC] could not decrypt payloads
=> Jan 02 09:53:39 artful-east charon[2004]: 11[IKE] message parsing failed
=> Jan 02 09:53:39 artful-east charon[2004]: 11[IKE] ignore malformed
INFORMATIONAL request
=> Jan 02 09:53:39 artful-east charon[2004]: 11[IKE] INFORMATIONAL_V1 request
with message ID 505241222 processing failed
After fix is on West:
$ sudo systemctl status strongswan
● strongswan.service - strongSwan IPsec services
[...]
Jan 02 09:56:32 artful-east charon[2138]: 11[NET] sending packet: from
192.168.122.220[500] to 192.168.122.228[500] (220 bytes)
Jan 02 09:56:32 artful-east charon[2138]: 12[NET] received packet: from
192.168.122.228[500] to 192.168.122.220[500] (188 bytes)
Jan 02 09:56:32 artful-east charon[2138]: 12[ENC] parsed QUICK_MODE response
926910681 [ HASH SA No ID ID ]
Jan 02 09:56:32 artful-east charon[2138]: 12[IKE] CHILD_SA lp-east01{1}
established with SPIs c5e03498_i c81b3cbc_o and TS 192.168.122.220/32 ===
Jan 02 09:56:32 artful-east charon[2138]: 12[IKE] CHILD_SA lp-east01{1}
established with SPIs c5e03498_i c81b3cbc_o and TS 192.168.122.220/32 ===
Jan 02 09:56:32 artful-east charon[2138]: 12[ENC] generating QUICK_MODE request
926910681 [ HASH ]
Jan 02 09:56:32 artful-east charon[2138]: 12[NET] sending packet: from
192.168.122.220[500] to 192.168.122.228[500] (76 bytes)
** Tags removed: verification-needed verification-needed-artful
verification-needed-zesty
** Tags added: verification-done verification-done-artful
verification-done-zesty
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1734207
Title:
Multiple PSKs with dyndns left/rightids doesn't work
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1734207/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
