Hi, We've made significant progress with combined IPv[46] support. Would you be interested in trying things out with a windows client? To enable this just specify both IPv4 and IPv6, something like: rightsubnet=2001:db8:0:2::/64,192.0.2.0/24 leftaddresspool=2001:db8:0:3:1::/97,192.0.3.100/28 of course this is all still work-in-progress.
Andrew On Tue, 1 Nov 2022 at 00:34, Mirsad Goran Todorovac < [email protected]> wrote: > Yes, this fixed this issue. :) > Now the Win 10 client connected: > > Thanks. > > Now only to make IPv6-over-IPv6 connection work. > > However, restoring IPv4 VPN regression after upgrade to IPv6 will suffice. > IPv6 VPN would be a nice > thing to have, especially dual-stack, IMHO but any VPN is better than > broken VPN (as a quantum difference). > > Kind regards, > Mirsad > On 11/1/2022 3:45 AM, Andrew Cagney wrote: > > Thanks. Here's the only bit of the log that's needed: > > Nov 1 03:11:55.547595: | ***parse IKEv2 Configuration Payload Attribute: > Nov 1 03:11:55.547626: | Attribute Type: IKEv2_INTERNAL_IP4_ADDRESS (0x1) > Nov 1 03:11:55.547653: | length/value: 0 (00 00) > Nov 1 03:11:55.547687: | connection both thinks it has, and really has a > lease > Nov 1 03:11:55.547754: | ***parse IKEv2 Configuration Payload Attribute: > Nov 1 03:11:55.547780: | Attribute Type: IKEv2_INTERNAL_IP4_DNS (0x3) > Nov 1 03:11:55.547808: | length/value: 0 (00 00) > Nov 1 03:11:55.547835: | ignoring attribute IKEv2_INTERNAL_IP4_DNS length 0 > Nov 1 03:11:55.547859: | ***parse IKEv2 Configuration Payload Attribute: > Nov 1 03:11:55.547885: | Attribute Type: IKEv2_INTERNAL_IP4_NBNS (0x4) > Nov 1 03:11:55.547913: | length/value: 0 (00 00) > Nov 1 03:11:55.547940: | ignoring attribute IKEv2_INTERNAL_IP4_NBNS length 0 > Nov 1 03:11:55.547982: "MYCONN-ikev2-cp"[2] 188.252.197.105 #4: ERROR: > malformed CP attributeAttribute Type of IKEv2 Configuration Payload Attribute > has an unknown value: 23456 (0x5ba0) > Nov 1 03:11:55.548011: | should_send_delete: #4? no, IKEv2 SA in state > STATE_V2_IKE_AUTH_CHILD_R0 is not established > > Try 2cc01a03a8c4bcfcb7c808f233756e96bdb6cfbe > > > On Mon, 31 Oct 2022 at 22:16, Mirsad Goran Todorovac < > [email protected]> wrote: > >> Thanks you, Sir! >> >> Actually, the connection was never established. >> >> The error mesg in Win 10 is: >> >> The "first bad commit" session log is here: >> https://magrf.grf.hr/~mtodorov/tmp/ikev2-ipv4-20221101-01.log >> >> Kind regards, >> Mirsad >> On 10/31/2022 8:45 PM, Andrew Cagney wrote: >> >> Nice work. >> >> > I have noticed today (after having figured out how to connect IPv4-only >> from Windows 10) that I lose connectivity >> with github libreswan, while I still had it with libreswan-4.9 from >> tarball. >> >> When you say "lose" connectivity, do you mean it never connects or dies >> after a short while? >> >> >> https://github.com/libreswan/libreswan/commit/bc47dcf87733484f5701b02212c3015a711ca1a9 >> added code to check the content of the CP payload so, presumably, microsoft >> is sending something pluto didn't expect. >> >> Was there an error related to CP in the logs? And if possible try a test >> run with debug=all enabled so that the CP payloads are captured and put >> that in a bug. >> >> >> >> >> On Mon, 31 Oct 2022 at 15:07, Mirsad Goran Todorovac < >> [email protected]> wrote: >> >>> Hi all, >>> >>> I have noticed today (after having figured out how to connect IPv4-only >>> from Windows 10) that I lose connectivity >>> with github libreswan, while I still had it with libreswan-4.9 from >>> tarball. >>> >>> I felt inspired and bisect gave this (at this commit I lost IPv4 Win 10 >>> connectivity): >>> >>> git bisect good e75c5ce30d7b6e5311dd05a4d0512a5f61add78f >>> # bad: [4e1ceb32c64b8b077c41c538e39c5b6252b826b6] connections: pass >>> struct connection_end into extract_end() >>> git bisect bad 4e1ceb32c64b8b077c41c538e39c5b6252b826b6 >>> # bad: [bc47dcf87733484f5701b02212c3015a711ca1a9] ikev2: during IKE_AUTH >>> parse IKEv2 CP requests >>> git bisect bad bc47dcf87733484f5701b02212c3015a711ca1a9 >>> # good: [823443d6c796340128720a295c99f7eacae09d67] connections: (more) >>> use ...->host->config rather than ...->config->host >>> git bisect good 823443d6c796340128720a295c99f7eacae09d67 >>> # first bad commit: [bc47dcf87733484f5701b02212c3015a711ca1a9] ikev2: >>> during IKE_AUTH parse IKEv2 CP requests >>> root@magrf:~/libreswan# >>> >>> Windows specs: >>> >>> >>> VPN server is on Debian 11 Bullseye and stock kernel, on a rather old >>> development can. >>> >>> Hope this helps. >>> >>> Kind regards, >>> Mirsad >>> >>> -- >>> Mirsad Todorovac >>> Sistem inženjer >>> Grafički fakultet | Akademija likovnih umjetnosti >>> Sveučilište u Zagrebu >>> -- >>> System engineer >>> Faculty of Graphic Arts | Academy of Fine Arts >>> University of Zagreb, Republic of Croatia >>> tel. +385 (0)1 3711 451 >>> mob. +385 91 57 88 355 >>> >>> -- >> Mirsad Todorovac >> Sistem inženjer >> Grafički fakultet | Akademija likovnih umjetnosti >> Sveučilište u Zagrebu >> -- >> System engineer >> Faculty of Graphic Arts | Academy of Fine Arts >> University of Zagreb, Republic of Croatia >> tel. +385 (0)1 3711 451 >> mob. +385 91 57 88 355 >> >> -- > Mirsad Todorovac > Sistem inženjer > Grafički fakultet | Akademija likovnih umjetnosti > Sveučilište u Zagrebu > -- > System engineer > Faculty of Graphic Arts | Academy of Fine Arts > University of Zagreb, Republic of Croatia > tel. +385 (0)1 3711 451 > mob. +385 91 57 88 355 > >
_______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
