Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ikev2-redirect-06-roadwarriors #965

Closed
cagney opened this issue Dec 30, 2022 · 1 comment
Closed

ikev2-redirect-06-roadwarriors #965

cagney opened this issue Dec 30, 2022 · 1 comment
Labels
IKEv2 reproduced a test reproducing the problem has been added to the testsuite

Comments

@cagney
Copy link
Collaborator

cagney commented Dec 30, 2022

the redirected connections don't re-establish vis:

"road-east" #1: initiating active session redirect to new gateway (address: 192.1.2.45)
"road-east" #3: initiating IKEv2 connection
"road-east" #3: sent IKE_SA_INIT request to 192.1.2.45:500
packet from 192.1.2.23:500: INFORMATIONAL response has no corresponding IKE SA; message dropped
"road-east" #3: sent IKE_AUTH request {cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048}
"road-east" #3: initiator established IKE SA; authenticated peer '3072-bit RSASSA-PSS with SHA2_512' digital signature using peer certificate 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' issued by CA 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org'
"road-east" #4: received INTERNAL_IP4_ADDRESS 192.0.2.102; discarded
"road-east" #4: received INTERNAL_IP4_DNS 1.2.3.4
"road-east" #4: received INTERNAL_IP4_DNS 5.6.7.8
"road-east" #4: CHILD SA failed: TS_UNACCEPTABLE
"road-east" #3: IKE SA established but initiator rejected Child SA response
"road-east" #4: deleting larval Child SA using IKE SA #3
@cagney cagney added IKEv2 regression Functionality that was tested and working. reproduced a test reproducing the problem has been added to the testsuite TS Traffic Selectors labels Dec 30, 2022
lsw-vault pushed a commit that referenced this issue Dec 30, 2022
@cagney
testing: mark ikev2-redirect-06-roadwarriors wip github #965
915fa73 
traffic selector issue
@cagney cagney removed regression Functionality that was tested and working. TS Traffic Selectors labels Jan 1, 2023
@cagney
Copy link
Collaborator Author

cagney commented Jan 1, 2023

not a regression; the test is racy

lsw-vault pushed a commit that referenced this issue Jan 2, 2023
@cagney
ikev2: on initiator, zap existing leases before accepting a new one
c347c76 
Affected redirect (and maybe revival) where a connection instance
is reused.

also help #965
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
IKEv2 reproduced a test reproducing the problem has been added to the testsuite
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@cagney