Hello there, first of all: Thank you for providing and maintaining this useful software. It satisfied all my IPSec needs in the past, but now I've run into a problem:
I'm currently trying to set up an IPSec connection on an ARMv5/Debian-based system. I tested it on a 64-bit openSUSE 13.1, as well as on a Windows workstation before, using the same configuration (below), and it worked just fine. But on the ARM system it does not; the log says:

---
14/09/17 18:15:58 ## : IKE Daemon, ver 2.2.2
14/09/17 18:15:58 ## : Copyright 2013 Shrew Soft Inc.
14/09/17 18:15:58 ## : This product linked OpenSSL 1.0.1e 11 Feb 2013
14/09/17 18:15:58 ii : opened '/var/log/iked.log'
14/09/17 18:15:58 ii : ipc server process thread begin ...
14/09/17 18:15:58 ii : pfkey process thread begin ...
14/09/17 18:15:58 ii : network process thread begin ...
14/09/17 18:16:01 K< : recv pfkey REGISTER AH message
14/09/17 18:16:01 K< : recv pfkey REGISTER ESP message
14/09/17 18:16:01 K< : recv pfkey REGISTER IPCOMP message
14/09/17 18:16:01 K< : recv pfkey X_SPDDUMP UNSPEC message
14/09/17 18:16:01 ii : - id = 153
14/09/17 18:16:01 ii : - type = IPSEC
14/09/17 18:16:01 ii : - dir = OUTBOUND
14/09/17 18:16:01 ii : - src = 172.16.135.157:0/32
14/09/17 18:16:01 ii : - dst = 192.168.214.32:0/27
14/09/17 18:16:01 ii : - transform #0
14/09/17 18:16:01 ii : -- proto = 50
14/09/17 18:16:01 ii : -- level = UNIQUE
14/09/17 18:16:01 ii : -- mode = TUNNEL
14/09/17 18:16:01 ii : -- reqid = 4
14/09/17 18:16:01 ii : -- tsrc = 135.157.0.0
14/09/17 18:16:01 ii : -- tdst = 177.236.0.0
14/09/17 18:16:01 DB : policy ref increment ( ref count = 1, obj count = 0 )
14/09/17 18:16:01 DB : policy added ( obj count = 1 )
14/09/17 18:16:01 DB : policy ref decrement ( ref count = 0, obj count = 1 )
14/09/17 18:16:01 K< : recv pfkey X_SPDDUMP UNSPEC message
14/09/17 18:16:01 ii : - id = 144
14/09/17 18:16:01 ii : - type = IPSEC
14/09/17 18:16:01 ii : - dir = INBOUND
14/09/17 18:16:01 ii : - src = 192.168.214.32:0/27
14/09/17 18:16:01 ii : - dst = 172.16.135.157:0/32
14/09/17 18:16:01 ii : - transform #0
14/09/17 18:16:01 ii : -- proto = 50
14/09/17 18:16:01 ii : -- level = UNIQUE
14/09/17 18:16:01 ii : -- mode = TUNNEL
14/09/17 18:16:01 ii : -- reqid = 3
14/09/17 18:16:01 ii : -- tsrc = 177.236.0.0
14/09/17 18:16:01 ii : -- tdst = 135.157.0.0
14/09/17 18:16:01 DB : policy ref increment ( ref count = 1, obj count = 1 )
14/09/17 18:16:01 DB : policy added ( obj count = 2 )
14/09/17 18:16:01 DB : policy ref decrement ( ref count = 0, obj count = 2 )
14/09/17 18:16:01 K< : recv pfkey X_SPDDUMP UNSPEC message
14/09/17 18:16:01 ii : - id = 137
14/09/17 18:16:01 ii : - type = IPSEC
14/09/17 18:16:01 ii : - dir = OUTBOUND
14/09/17 18:16:01 ii : - src = 172.16.135.157:0/32
14/09/17 18:16:01 ii : - dst = 192.168.210.0:0/24
14/09/17 18:16:01 ii : - transform #0
14/09/17 18:16:01 ii : -- proto = 50
14/09/17 18:16:01 ii : -- level = UNIQUE
14/09/17 18:16:01 ii : -- mode = TUNNEL
14/09/17 18:16:01 ii : -- reqid = 2
14/09/17 18:16:01 ii : -- tsrc = 135.157.0.0
14/09/17 18:16:01 ii : -- tdst = 177.236.0.0
14/09/17 18:16:01 DB : policy ref increment ( ref count = 1, obj count = 2 )
14/09/17 18:16:01 DB : policy added ( obj count = 3 )
14/09/17 18:16:01 DB : policy ref decrement ( ref count = 0, obj count = 3 )
14/09/17 18:16:01 K< : recv pfkey X_SPDDUMP UNSPEC message
14/09/17 18:16:01 ii : - id = 128
14/09/17 18:16:01 ii : - type = IPSEC
14/09/17 18:16:01 ii : - dir = INBOUND
14/09/17 18:16:01 ii : - src = 192.168.210.0:0/24
14/09/17 18:16:01 ii : - dst = 172.16.135.157:0/32
14/09/17 18:16:01 ii : - transform #0
14/09/17 18:16:01 ii : -- proto = 50
14/09/17 18:16:01 ii : -- level = UNIQUE
14/09/17 18:16:01 ii : -- mode = TUNNEL
14/09/17 18:16:01 ii : -- reqid = 1
14/09/17 18:16:01 ii : -- tsrc = 177.236.0.0
14/09/17 18:16:01 ii : -- tdst = 135.157.0.0
14/09/17 18:16:01 DB : policy ref increment ( ref count = 1, obj count = 3 )
14/09/17 18:16:01 DB : policy added ( obj count = 4 )
14/09/17 18:16:01 DB : policy ref decrement ( ref count = 0, obj count = 4 )
---

The logfile on the desktop machine looked completely different; when comparing the addresses in the tsrc and tdst fields of other messages, like X_SPDADD, they seemed scrambled. I already tried https://lists.shrew.net/pipermail/vpn-help/2008-November/000950.html, but that doesn't seem to be the cause. To make things more difficult, I can't run iked in gdb on the ARM system, as it terminates with SIGILL right at the beginning. Again, this works on the workstation.

My configuration file is:

---
n:version:4
n:network-ike-port:500
n:network-mtu-size:1380
n:client-addr-auto:1
n:network-natt-port:4500
n:network-natt-rate:15
n:network-frag-size:540
n:network-dpd-enable:1
n:client-banner-enable:0
n:network-notify-enable:1
n:client-dns-used:0
n:client-dns-auto:0
n:client-dns-suffix-auto:0
n:client-splitdns-used:1
n:client-splitdns-auto:0
n:client-wins-used:0
n:client-wins-auto:0
n:phase1-dhgroup:2
n:phase1-life-secs:86400
n:phase1-life-kbytes:0
n:vendor-chkpt-enable:0
n:phase2-life-secs:3600
n:phase2-life-kbytes:0
n:policy-nailed:0
n:policy-list-auto:0
n:phase1-keylen:256
n:phase2-keylen:256
s:network-host:xxx.xxx.xxx.xxx
s:client-auto-mode:disabled
s:client-iface:direct
s:network-natt-mode:enable
s:network-frag-mode:enable
s:auth-method:mutual-psk
s:ident-client-type:keyid
s:ident-server-type:address
s:ident-client-data:xxxxxx.xxxxx.xxx
b:auth-mutual-psk:xxxxxxxxxxxxxx
s:phase1-exchange:aggressive
s:phase1-cipher:3des
s:phase1-hash:sha1
s:phase2-transform:esp-3des
s:phase2-hmac:sha1
s:ipcomp-transform:disabled
n:phase2-pfsgroup:-1
s:policy-level:unique
s:policy-list-include:192.168.210.0 / 255.255.255.0,192.168.214.32 / 255.255.255.224
---

I tried the binaries from the Debian package (wheezy), as well as the versions 2.2.0 and 2.2.2 from the repository. For compilation I used the options -DDEBUG=YES -DQTGUI=NO -DNATT=YES -DLDAP=NO. Kernel version is 3.13.6.

Best regards,
S.Schork
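The tsrc/tdst comparison described in the message can be scripted over an iked log. The following is an added example, not part of the original post and not Shrew Soft code: it parses the log format shown above and flags tunnel endpoints whose low 16 bits are zero, noting when the remaining octets match the tail of a policy selector. The heuristic itself, the function names, policy id 900 and the address 203.0.113.10 are assumptions made for the example; it does not establish the cause of the problem.

```python
import ipaddress
import re

# Policy 153 is copied from the log above. Policy 900 is constructed, with
# plausible endpoints (203.0.113.10 is a documentation address).
SAMPLE_LOG = """\
14/09/17 18:16:01 K< : recv pfkey X_SPDDUMP UNSPEC message
14/09/17 18:16:01 ii : - id = 153
14/09/17 18:16:01 ii : - src = 172.16.135.157:0/32
14/09/17 18:16:01 ii : - dst = 192.168.214.32:0/27
14/09/17 18:16:01 ii : -- tsrc = 135.157.0.0
14/09/17 18:16:01 ii : -- tdst = 177.236.0.0
14/09/17 18:16:01 K< : recv pfkey X_SPDDUMP UNSPEC message
14/09/17 18:16:01 ii : - id = 900
14/09/17 18:16:01 ii : - src = 172.16.135.157:0/32
14/09/17 18:16:01 ii : - dst = 192.168.210.0:0/24
14/09/17 18:16:01 ii : -- tsrc = 172.16.135.157
14/09/17 18:16:01 ii : -- tdst = 203.0.113.10
"""
FIELD = re.compile(r"ii : -+ (\w+) = (\S+)")  # e.g. "ii : -- tsrc = 1.2.3.4"

def parse_policies(log):
    """Group the 'key = value' lines that follow each pfkey X_SPD* message."""
    policies, current = [], None
    for line in log.splitlines():
        if "recv pfkey X_SPD" in line:
            current = {}
            policies.append(current)
        elif current is not None and (m := FIELD.search(line)):
            current[m.group(1)] = m.group(2)
    return policies

def check_endpoints(policy):
    """Heuristic: flag tsrc/tdst values whose low 16 bits are zero."""
    findings = []
    selectors = {k: ipaddress.ip_address(policy[k].split(":")[0]).packed
                 for k in ("src", "dst") if k in policy}
    for field in (f for f in ("tsrc", "tdst") if f in policy):
        raw = ipaddress.ip_address(policy[field]).packed
        reason = "low 16 bits are zero"
        for name, sel in selectors.items():
            if sel[2:] == raw[:2]:  # endpoint starts with the selector's tail
                reason = f"equals low half of {name}, shifted by two octets"
        if raw[2:] == b"\x00\x00":
            findings.append((field, reason))
    return findings

def audit(log):  # maps each policy id to its (field, reason) findings
    return {p.get("id"): check_endpoints(p) for p in parse_policies(log)}
```

Calling `audit()` on the text of `/var/log/iked.log` from the working and the failing machine gives a per-policy list that can be compared directly.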
