Re: ipsec broken

2020-12-28 Thread Alberto Bursi




On 28/12/20 11:43, Mao Mei wrote:

> > That package is maintained in the community feeds, please open an issue
> > https://github.com/openwrt/packages/issues
> > and use "@stintel" in the maintainer field to ping the maintainer
>
> Thanks for the reply, but I think it's not a strongswan issue, but a kernel
> issue. It's easy to verify.
>
> # opkg install ip-full kmod-ipsec4
> # ip xfrm state add src 192.168.2.100 dst 192.168.1.10 proto esp spi \
>     0x0301 mode tunnel auth sha1 0x96358c90783bbfa3d7b196ceabe0536b \
>     enc aes 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df
>
> ___
> openwrt-devel mailing list
> openwrt-devel@lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel



If there is anybody in the community who cares about kmod-ipsec and is
interested in fixing it, it is the maintainers of applications that need it
to work. stintel is one of the core developers too; he has commit access
to the main repo, and he can probably handle this.


I really think you should open an issue in that repo or send him an 
email to ping him about the issue.


-Alberto



Re: Re: ipsec broken

2020-12-28 Thread Mao Mei
> That package is maintained in the community feeds, please open an issue
> https://github.com/openwrt/packages/issues
> and use "@stintel" in the maintainer field to ping the maintainer

Thanks for the reply, but I think it's not a strongswan issue, but a kernel
issue. It's easy to verify.

# opkg install ip-full kmod-ipsec4
# ip xfrm state add src 192.168.2.100 dst 192.168.1.10 proto esp spi \
    0x0301 mode tunnel auth sha1 0x96358c90783bbfa3d7b196ceabe0536b \
    enc aes 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df



Re: ipsec broken

2020-12-28 Thread Alberto Bursi




On 27/12/20 16:49, Mao Mei wrote:

> It seems that ipsec has been broken for a long time. See
> https://forum.openwrt.org/t/ipsec-has-been-broken-for-a-while/81120
>
> log on mt7621:
>
> 12[CFG] selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ
> 12[KNL] got SPI cecfbd68
> 12[KNL] adding SAD entry with SPI cecfbd68 and reqid {1}
> 12[KNL]   using encryption algorithm AES_CBC with key size 128
> 12[KNL]   using integrity algorithm HMAC_SHA1_96 with key size 160
> 12[KNL]   using replay window of 32 packets
> 12[KNL]   HW offload: no
> 12[KNL] received netlink error: No such file or directory (2)
> 12[KNL] unable to add SAD entry with SPI cecfbd68 (FAILED)
> 12[KNL] adding SAD entry with SPI 04c603db and reqid {1}
> 12[KNL]   using encryption algorithm AES_CBC with key size 128
> 12[KNL]   using integrity algorithm HMAC_SHA1_96 with key size 160
> 12[KNL]   using replay window of 0 packets
> 12[KNL]   HW offload: no
> 12[KNL] received netlink error: No such file or directory (2)
> 12[KNL] unable to add SAD entry with SPI 04c603db (FAILED)
> 12[IKE] unable to install inbound and outbound IPsec SA (SAD) in kernel
> 12[IKE] failed to establish CHILD_SA, keeping IKE_SA




That package is maintained in the community feeds, please open an issue
https://github.com/openwrt/packages/issues
and use "@stintel" in the maintainer field to ping the maintainer

-Alberto



ipsec broken

2020-12-27 Thread Mao Mei
It seems that ipsec has been broken for a long time. See
https://forum.openwrt.org/t/ipsec-has-been-broken-for-a-while/81120

log on mt7621:

12[CFG] selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ
12[KNL] got SPI cecfbd68
12[KNL] adding SAD entry with SPI cecfbd68 and reqid {1}
12[KNL]   using encryption algorithm AES_CBC with key size 128
12[KNL]   using integrity algorithm HMAC_SHA1_96 with key size 160
12[KNL]   using replay window of 32 packets
12[KNL]   HW offload: no
12[KNL] received netlink error: No such file or directory (2)
12[KNL] unable to add SAD entry with SPI cecfbd68 (FAILED)
12[KNL] adding SAD entry with SPI 04c603db and reqid {1}
12[KNL]   using encryption algorithm AES_CBC with key size 128
12[KNL]   using integrity algorithm HMAC_SHA1_96 with key size 160
12[KNL]   using replay window of 0 packets
12[KNL]   HW offload: no
12[KNL] received netlink error: No such file or directory (2)
12[KNL] unable to add SAD entry with SPI 04c603db (FAILED)
12[IKE] unable to install inbound and outbound IPsec SA (SAD) in kernel
12[IKE] failed to establish CHILD_SA, keeping IKE_SA

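
Added example (not part of the original messages, and not strongSwan or OpenWrt code): a Python triage of the charon log quoted in this thread. It groups each SAD install attempt with its algorithms and netlink errno, and marks the failure stage as kernel SA installation when a proposal was already selected. The function name triage, its result fields, and the abridged sample log are assumptions constructed for illustration.

```python
import errno
import re

# Constructed sample: charon lines abridged from the log quoted in this thread.
SAMPLE_LOG = """\
12[CFG] selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ
12[KNL] adding SAD entry with SPI cecfbd68 and reqid {1}
12[KNL]   using encryption algorithm AES_CBC with key size 128
12[KNL]   using integrity algorithm HMAC_SHA1_96 with key size 160
12[KNL] received netlink error: No such file or directory (2)
12[KNL] unable to add SAD entry with SPI cecfbd68 (FAILED)
12[KNL] adding SAD entry with SPI 04c603db and reqid {1}
12[KNL]   using encryption algorithm AES_CBC with key size 128
12[KNL]   using integrity algorithm HMAC_SHA1_96 with key size 160
12[KNL] received netlink error: No such file or directory (2)
12[KNL] unable to add SAD entry with SPI 04c603db (FAILED)
12[IKE] unable to install inbound and outbound IPsec SA (SAD) in kernel
"""

LINE = re.compile(r"^\d+\[(\w+)\]\s+(.*)$")
ADD = re.compile(r"adding SAD entry with SPI (\w+) and reqid")
ALGO = re.compile(r"using (encryption|integrity) algorithm (\S+) with key size (\d+)")
NLERR = re.compile(r"received netlink error: .* \((\d+)\)")
FAIL = re.compile(r"unable to add SAD entry with SPI (\w+)")

def triage(log):
    """Group [KNL] lines per SAD install attempt (hypothetical helper)."""
    proposal, sas, cur = None, [], None
    for raw in log.splitlines():
        m = LINE.match(raw)
        subsys, msg = m.groups() if m else ("", "")
        if subsys == "CFG" and msg.startswith("selected proposal: "):
            proposal = msg.split(": ", 1)[1]
        elif subsys != "KNL":
            continue
        elif a := ADD.search(msg):
            cur = {"spi": a[1], "algs": {}, "errno": None, "installed": True}
            sas.append(cur)
        elif cur and (g := ALGO.search(msg)):
            cur["algs"][g[1]] = (g[2], int(g[3]))
        elif cur and (e := NLERR.search(msg)):
            # Symbolic name is looked up on the analysing host (2 is ENOENT).
            cur["errno"] = errno.errorcode.get(int(e[1]), e[1])
        elif cur and (f := FAIL.search(msg)) and f[1] == cur["spi"]:
            cur["installed"] = False
    failed = [s["spi"] for s in sas if not s["installed"]]
    # A proposal was selected, so negotiation completed; the refusal is kernel-side.
    stage = "kernel-sa-install" if proposal and failed else None
    return {"proposal": proposal, "sas": sas, "failed": failed, "stage": stage}
```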