Hi Tobias.

I have the following server-side StrongSwan configuration (transport mode) and
found strange behavior.

conn tcp_udp_4001
  leftsubnet=0.0.0.0/0[%any/4001]
conn icmp_any
  leftsubnet=0.0.0.0/0[1/%any]


And if a peer (10.6.3.185) does a ping, I am expecting it to bring up the
Child SA properly on conn icmp_any, but it does not.

This is the charon.log with debug level 2, when the problem happens.
At the end of selecting ts for us, it picks tcp_udp_4001 instead of selecting 
icmp_any.
Is this a bug?


looking for a child config for 10.6.3.187/32[icmp] === 10.6.3.185/32[icmp]
2017-08-06T08:02:13-0700 11[CFG] proposing traffic selectors for us:
2017-08-06T08:02:13-0700 11[CFG]  0.0.0.0/0[newoak]
2017-08-06T08:02:13-0700 11[CFG] proposing traffic selectors for other:
2017-08-06T08:02:13-0700 11[CFG]  10.6.3.185/32
2017-08-06T08:02:13-0700 11[CFG]   candidate "tcp_udp_4001" with prio 1+1
2017-08-06T08:02:13-0700 11[CFG] proposing traffic selectors for us:
2017-08-06T08:02:13-0700 11[CFG]  0.0.0.0/0[icmp]
2017-08-06T08:02:13-0700 11[CFG] proposing traffic selectors for other:
2017-08-06T08:02:13-0700 11[CFG]  10.6.3.185/32
2017-08-06T08:02:13-0700 11[CFG]   candidate "icmp_any" with prio 1+1
2017-08-06T08:02:13-0700 11[CFG] found matching child config "tcp_udp_4001" with prio 2
2017-08-06T08:02:13-0700 11[CFG] selecting traffic selectors for other:
2017-08-06T08:02:13-0700 11[CFG]  config: 10.6.3.185/32, received: 10.6.3.185/32[icmp] => match: 10.6.3.185/32[icmp]
2017-08-06T08:02:13-0700 11[CFG] selecting traffic selectors for us:
2017-08-06T08:02:13-0700 11[CFG]  config: 0.0.0.0/0[newoak], received: 10.6.3.187/32[icmp] => match: 10.6.3.187/32[icmp/15(161)]
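
The narrowing result in the last log line can be reproduced with a simplified model of IKEv2 traffic-selector intersection, in which ICMP type and code travel in the port field as type*256 + code (RFC 7296). This is an added example, not part of the original message and not strongSwan code; the TS class and the parse, narrow, show and narrowed helpers are hypothetical names.

```python
# Simplified model of IKEv2 traffic-selector narrowing; not strongSwan source.
from dataclasses import dataclass

ANY_PROTO, ICMP = 0, 1

@dataclass(frozen=True)
class TS:
    proto: int  # IP protocol number, 0 = any
    lo: int     # start of port range
    hi: int     # end of port range

def parse(spec):
    """Parse the bracket part of a leftsubnet entry, e.g. '%any/4001'."""
    proto_s, port_s = spec.split("/")
    proto = ANY_PROTO if proto_s == "%any" else int(proto_s)
    if port_s == "%any":
        return TS(proto, 0, 65535)
    return TS(proto, int(port_s), int(port_s))

def narrow(cfg, rcv):
    """Intersect two selectors; None means they do not overlap."""
    if cfg.proto != rcv.proto and ANY_PROTO not in (cfg.proto, rcv.proto):
        return None
    lo, hi = max(cfg.lo, rcv.lo), min(cfg.hi, rcv.hi)
    if lo > hi:
        return None
    return TS(cfg.proto or rcv.proto, lo, hi)

def show(ts):
    """Render like the log: for ICMP the port field is type*256 + code."""
    if ts is None:
        return "no match"
    if ts.proto == ICMP and (ts.lo, ts.hi) == (0, 65535):
        return "icmp"
    if ts.proto == ICMP and ts.lo == ts.hi:
        return f"icmp/{ts.lo >> 8}({ts.lo & 0xFF})"
    return f"{ts.proto}/{ts.lo}-{ts.hi}"

# The two conns from the message, and the selector the peer sent for "us".
CONNS = {"tcp_udp_4001": "%any/4001", "icmp_any": "1/%any"}
RECEIVED = TS(ICMP, 0, 65535)  # [icmp], any type and code

def narrowed(conns=CONNS, received=RECEIVED):
    """Return the rendered intersection of each conn with the received TS."""
    return {name: show(narrow(parse(spec), received)) for name, spec in conns.items()}

if __name__ == "__main__":
    for name, result in narrowed().items():
        print(f"{name}: {result}")
```

In this model both conns overlap with the received [icmp] selector, because a protocol of %any also covers protocol 1, which is consistent with both appearing as candidates in the log. Port 4001 is 0x0FA1, which read as an ICMP selector is type 15, code 161.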

