Re: OpenBSD 6.2 IKED IPv6 Connections and address dropped

2018-02-15 Thread Remi Locherer 
On Thu, Feb 15, 2018 at 06:52:46PM -0200, R0me0 *** wrote:
> Hello guys!
> 
> I have a very weird issue, not sure if a bug, but seems.
> 
> Here my iked.conf
> 
> ikev2 "pufferfish"  passive esp from 0.0.0.0/0 to 192.10.10.0/24 \
>  local 10.10.10.10 peer any  \
>  ikesa enc aes-256 auth hmac-sha2-256 group modp2048 \
>  childsa enc aes-256 auth hmac-sha2-256 group modp2048 \
>  dstid pufferfish psk "mypsk" config address 192.10.10.15
> 
> My default gateway is fe80::1%vmx0
> 
> 
> If I run:
> 
> 
> /etc/rc.d/iked start
> 
> All IPV6 connections are dropped immediately .


iked does that to prevent traffic leakages. Either add IPv6 flows
to your iked.conf or start iked with "-6".


> 
> Even if I remove all IPV6 address from all interfaces I cant back
> 
> OpenBSD reboot is needed !
> 
> all patches applied using syspatch.
> 
> 
> 
> ping6 ::1
> PING ::1 (::1): 56 data bytes
> ping6: sendmsg: No route to host
> ping: wrote ::1 64 chars, ret=-1
> ^C
> --- ::1 ping statistics ---
> 1 packets transmitted, 0 packets received, 100.0% packet loss
> 
> 
> ping6 fe80::1%vmx0
> PING fe80::1%vmx0 (fe80::1%vmx0): 56 data bytes
> ping6: sendmsg: No route to host
> ping: wrote fe80::1%vmx0 64 chars, ret=-1
> ^C
> --- fe80::1%vmx0 ping statistics ---
> 1 packets transmitted, 0 packets received, 100.0% packet loss
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> *rebooting...OpenBSD 6.2 (GENERIC.MP ) #5: Fri Feb  2
> 23:02:19 CET 2018
> r...@syspatch-62-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> real mem = 1056899072 (1007MB)avail mem = 1017901056
> (970MB)mpath0 at rootscsibus0 at mpath0: 256 targetsmainbus0 at rootbios0
> at mainbus0: SMBIOS rev. 2.7 @ 0xe0010 (242 entries)bios0: vendor Phoenix
> Technologies LTD version "6.00" date 04/05/2016bios0: VMware, Inc. VMware
> Virtual Platformacpi0 at bios0: rev 2acpi0: sleep states S0 S1 S4 S5acpi0:
> tables DSDT FACP BOOT APIC MCFG SRAT HPET WAETacpi0: wakeup devices
> PCI0(S3) USB_(S1) P2P0(S3) S1F0(S3) S2F0(S3) S8F0(S3) S16F(S3) S17F(S3)
> S18F(S3) S22F(S3) S23F(S3) S24F(S3) S25F(S3) PE40(S3) S1F0(S3) PE50(S3)
> [...]acpitimer0 at acpi0: 3579545 Hz, 24 bitsacpimadt0 at acpi0 addr
> 0xfee0: PC-AT compatcpu0 at mainbus0: apid 0 (boot processor)cpu0:
> Intel(R) Xeon(R) CPU E5-1650 v2 @ 3.50GHz, 3500.11 MHzcpu0:
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,MMX,FXSR,SSE,SSE2,SS,SSE3,PCLMUL,SSSE3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,ARATcpu0:
> 256KB 64b/line 8-way L2 cachecpu0: TSC frequency 3500112670 Hzcpu0: smt 0,
> core 0, package 0mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed
> rangescpu0: apic clock running at 65MHzcpu1 at mainbus0: apid 2
> (application processor)cpu1: Intel(R) Xeon(R) CPU E5-1650 v2 @ 3.50GHz,
> 3499.85 MHzcpu1:
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,MMX,FXSR,SSE,SSE2,SS,SSE3,PCLMUL,SSSE3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,ARATcpu1:
> 256KB 64b/line 8-way L2 cachecpu1: smt 0, core 0, package 2ioapic0 at
> mainbus0: apid 1 pa 0xfec0, version 11, 24 pinsacpimcfg0 at acpi0 addr
> 0xf000, bus 0-127acpihpet0 at acpi0: 14318179 Hzacpiprt0 at acpi0: bus
> 0 (PCI0)acpicpu0 at acpi0: C1(@1 halt!)acpicpu1 at acpi0: C1(@1
> halt!)"PNP0001" at acpi0 not configured"VMW0003" at acpi0 not
> configured"PNP0A05" at acpi0 not configuredacpiac0 at acpi0: AC unit
> onlinepvbus0 at mainbus0: VMwarevmt0 at pvbus0pci0 at mainbus0 bus 0pchb0
> at pci0 dev 0 function 0 "Intel 82443BX AGP" rev 0x01ppb0 at pci0 dev 1
> function 0 "Intel 82443BX AGP" rev 0x01pci1 at ppb0 bus 1pcib0 at pci0 dev
> 7 function 0 "Intel 82371AB PIIX4 ISA" rev 0x08pciide0 at pci0 dev 7
> function 1 "Intel 82371AB IDE" rev 0x01: DMA, channel 0 configured to
> compatibility, channel 1 configured to compatibilitypciide0: channel 0
> disabled (no drives)pciide0: channel 1 disabled (no drives)piixpm0 at pci0
> dev 7 function 3 "Intel 82371AB Power" rev 0x08: SMBus disabled"VMware
> VMCI" rev 0x10 at pci0 dev 7 function 7 not configuredvga1 at pci0 dev 15
> function 0 "VMware SVGA II" rev 0x00wsdisplay0 at vga1 mux 1: console
> (80x25, vt100 emulation)wsdisplay0: screen 1-5 added (80x25, vt100
> emulation)mpi0 at pci0 dev 16 function 0 "Symbios Logic 53c1030" rev 0x01:
> apic 1 int 17mpi0: 0, firmware 1.3.41.32scsibus1 at

OpenBSD 6.2 IKED IPv6 Connections and address dropped

2018-02-15 Thread R0me0 *** 
Hello guys!

I have a very weird issue, not sure if a bug, but seems.

Here my iked.conf

ikev2 "pufferfish"  passive esp from 0.0.0.0/0 to 192.10.10.0/24 \
 local 10.10.10.10 peer any  \
 ikesa enc aes-256 auth hmac-sha2-256 group modp2048 \
 childsa enc aes-256 auth hmac-sha2-256 group modp2048 \
 dstid pufferfish psk "mypsk" config address 192.10.10.15

My default gateway is fe80::1%vmx0


If I run:


/etc/rc.d/iked start

All IPV6 connections are dropped immediately .

Even if I remove all IPV6 address from all interfaces I cant back

OpenBSD reboot is needed !

all patches applied using syspatch.



ping6 ::1
PING ::1 (::1): 56 data bytes
ping6: sendmsg: No route to host
ping: wrote ::1 64 chars, ret=-1
^C
--- ::1 ping statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss


ping6 fe80::1%vmx0
PING fe80::1%vmx0 (fe80::1%vmx0): 56 data bytes
ping6: sendmsg: No route to host
ping: wrote fe80::1%vmx0 64 chars, ret=-1
^C
--- fe80::1%vmx0 ping statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss







































































































































































*rebooting...OpenBSD 6.2 (GENERIC.MP ) #5: Fri Feb  2
23:02:19 CET 2018
r...@syspatch-62-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 1056899072 (1007MB)avail mem = 1017901056
(970MB)mpath0 at rootscsibus0 at mpath0: 256 targetsmainbus0 at rootbios0
at mainbus0: SMBIOS rev. 2.7 @ 0xe0010 (242 entries)bios0: vendor Phoenix
Technologies LTD version "6.00" date 04/05/2016bios0: VMware, Inc. VMware
Virtual Platformacpi0 at bios0: rev 2acpi0: sleep states S0 S1 S4 S5acpi0:
tables DSDT FACP BOOT APIC MCFG SRAT HPET WAETacpi0: wakeup devices
PCI0(S3) USB_(S1) P2P0(S3) S1F0(S3) S2F0(S3) S8F0(S3) S16F(S3) S17F(S3)
S18F(S3) S22F(S3) S23F(S3) S24F(S3) S25F(S3) PE40(S3) S1F0(S3) PE50(S3)
[...]acpitimer0 at acpi0: 3579545 Hz, 24 bitsacpimadt0 at acpi0 addr
0xfee0: PC-AT compatcpu0 at mainbus0: apid 0 (boot processor)cpu0:
Intel(R) Xeon(R) CPU E5-1650 v2 @ 3.50GHz, 3500.11 MHzcpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,MMX,FXSR,SSE,SSE2,SS,SSE3,PCLMUL,SSSE3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,ARATcpu0:
256KB 64b/line 8-way L2 cachecpu0: TSC frequency 3500112670 Hzcpu0: smt 0,
core 0, package 0mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed
rangescpu0: apic clock running at 65MHzcpu1 at mainbus0: apid 2
(application processor)cpu1: Intel(R) Xeon(R) CPU E5-1650 v2 @ 3.50GHz,
3499.85 MHzcpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,MMX,FXSR,SSE,SSE2,SS,SSE3,PCLMUL,SSSE3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,ARATcpu1:
256KB 64b/line 8-way L2 cachecpu1: smt 0, core 0, package 2ioapic0 at
mainbus0: apid 1 pa 0xfec0, version 11, 24 pinsacpimcfg0 at acpi0 addr
0xf000, bus 0-127acpihpet0 at acpi0: 14318179 Hzacpiprt0 at acpi0: bus
0 (PCI0)acpicpu0 at acpi0: C1(@1 halt!)acpicpu1 at acpi0: C1(@1
halt!)"PNP0001" at acpi0 not configured"VMW0003" at acpi0 not
configured"PNP0A05" at acpi0 not configuredacpiac0 at acpi0: AC unit
onlinepvbus0 at mainbus0: VMwarevmt0 at pvbus0pci0 at mainbus0 bus 0pchb0
at pci0 dev 0 function 0 "Intel 82443BX AGP" rev 0x01ppb0 at pci0 dev 1
function 0 "Intel 82443BX AGP" rev 0x01pci1 at ppb0 bus 1pcib0 at pci0 dev
7 function 0 "Intel 82371AB PIIX4 ISA" rev 0x08pciide0 at pci0 dev 7
function 1 "Intel 82371AB IDE" rev 0x01: DMA, channel 0 configured to
compatibility, channel 1 configured to compatibilitypciide0: channel 0
disabled (no drives)pciide0: channel 1 disabled (no drives)piixpm0 at pci0
dev 7 function 3 "Intel 82371AB Power" rev 0x08: SMBus disabled"VMware
VMCI" rev 0x10 at pci0 dev 7 function 7 not configuredvga1 at pci0 dev 15
function 0 "VMware SVGA II" rev 0x00wsdisplay0 at vga1 mux 1: console
(80x25, vt100 emulation)wsdisplay0: screen 1-5 added (80x25, vt100
emulation)mpi0 at pci0 dev 16 function 0 "Symbios Logic 53c1030" rev 0x01:
apic 1 int 17mpi0: 0, firmware 1.3.41.32scsibus1 at mpi0: 16 targets,
initiator 7sd0 at scsibus1 targ 0 lun 0:  SCSI4
0/direct fixedsd0: 8192MB, 512 bytes/sector, 16777216 sectorsmpi0: target 0
Sync at 160MHz width 16bit offset 127 QAS 1 DT 1 IU 1ppb1 at pci0 dev 17
function 0 "VMware PCI" rev 0x02pci2 at ppb1 bus 2uhci0 at pci2 dev 0
function 0 "VMware UHCI" rev 0x00: apic 1 int 18ehci0 at pci2 dev 1
function 0 "VMware EHCI" rev 0x00: apic 1 int 19usb0 at ehci0: USB revision
2.0uhub0 at usb0 configuration 1 interface 0 "VMware EHCI root hub" rev
2.00/1.00 addr 1ahci0 at pci2 dev 3 function 0 "VMware AHCI" rev 0x00: apic
1 int 17, AHCI 1.3ahci0: port 0: 6.0Gb/sscsibus2 at ahci0: 32 targetscd0 at