I have two hosts: Ritchie and Tarjan. Tarjan is running Libreswan 4.12, so that I can test "mixed" environments.

For Ritchie, I have downloaded 5.0 RC1, installed all of the dependencies, and built the software. I have created and installed the necessary certificates. I have assigned the necessary addresses (IPv6 ULA) to the interfaces.

Tarjan                      Ritchie
ens7                        enp4s0
fd51:20d9:5ad2:b::1 <-----> fd51:20d9:5ad2:b::2
Libreswan 4.12              Libreswan 5.0 RC1

The certificates are in place:

dev@Ritchie:~$ sudo certutil -L -d /var/lib/ipsec/nss

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

RIcert                                                       u,u,u
HSPLCA                                                       CT,,


Then, I start ipsec, and attempt to add the connection (using the new syntax in 5.0 RC1):

dev@Ritchie:~$ sudo ipsec setup start
[sudo] password for dev:
Redirecting to: systemctl start ipsec.service
dev@Ritchie:~$ sudo ipsec add RITA6c
conn 'RITA6c': not found (tried aliases)

Here are the contents of file RITA6C, and the listing of the IPv6 addresses on Ritchie:

root@Ritchie:/etc/ipsec.d# cat RITA6C
conn RITA6c
   left=fd51:20d9:5ad2:b::2
   leftid="CN=Ritchie Certificate"
   leftrsasigkey=%cert
   leftcert=RIcert
   right=fd51:20d9:5ad2:b::1
   rightid="CN=Tarjan Certificate"
   rightrsasigkey=%cert
   auto=add

root@Ritchie:/etc/ipsec.d# ip -6 addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp4s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fd51:20d9:5ad2:b::2/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::21a:a0ff:fe15:62b8/64 scope link
       valid_lft forever preferred_lft forever
3: enp5s4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::20e:cff:fea9:b90f/64 scope link
       valid_lft forever preferred_lft forever
4: enp5s5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::20e:cff:fea9:b937/64 scope link
       valid_lft forever preferred_lft forever
root@Ritchie:/etc/ipsec.d#

Does anyone have suggestions for finding the source of this error? I don't see any debugging options on the ipsec command.

Any help will be appreciated.

  Bill

P.S. The above configuration works between two hosts running 4.12 (with "auto --add" rather than "add").
_______________________________________________
Swan-dev mailing list
https://lists.libreswan.org/mailman/listinfo/swan-dev
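
One check for a "not found" result is to confirm that the conn is defined in a file the top-level ipsec.conf actually reads. The script below is an added example, not part of the original post and not Libreswan code; it assumes conn files are pulled in by lines of the form `include <glob>`, and its function names and the sample files it builds are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumption: ipsec.conf pulls in conn files with lines of the
# form "include <path-or-glob>"; nested includes are not followed here.

# Print "<conn name><TAB><file>" for every conn reachable from the given
# top-level config: the file itself plus each file its include globs match.
conns_reachable() {
    conf=$1
    patterns=$(awk '$1 == "include" { print $2 }' "$conf")
    # $patterns is left unquoted on purpose so the shell expands the globs.
    for f in "$conf" $patterns; do
        [ -f "$f" ] || continue   # an unmatched glob stays literal; skip it
        awk -v file="$f" '$1 == "conn" { print $2 "\t" file }' "$f"
    done
}

# Succeed only if the named conn is reachable (exact, case-sensitive match).
conn_defined() {
    conns_reachable "$1" | cut -f1 | grep -qxF -- "$2"
}

# List files in a directory that define a conn but are matched by no include.
orphan_conn_files() {
    reached=$(conns_reachable "$1" | cut -f2 | sort -u)
    for f in "$2"/*; do
        [ -f "$f" ] || continue
        grep -qE '^[[:space:]]*conn[[:space:]]' "$f" || continue
        printf '%s\n' "$reached" | grep -qxF -- "$f" || printf '%s\n' "$f"
    done
}

# Constructed sample: two conn files, only one of which ends in .conf.
make_sample() {
    s=$(mktemp -d)
    mkdir "$s/ipsec.d"
    printf 'config setup\ninclude %s/ipsec.d/*.conf\n' "$s" > "$s/ipsec.conf"
    printf 'conn RITA6c\n   auto=add\n' > "$s/ipsec.d/RITA6C"
    printf 'conn other\n   auto=add\n' > "$s/ipsec.d/other.conf"
    printf '%s\n' "$s"
}

d=$(make_sample)
conns_reachable "$d/ipsec.conf"
orphan_conn_files "$d/ipsec.conf" "$d/ipsec.d"
rm -rf "$d"
```

On a real host, point `conns_reachable` at the installed ipsec.conf and `orphan_conn_files` at the directory holding the conn files.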
