[Openswan dev] Regarding IKE implementation in openswan

SaRaVanAn saravanan.nagarajan87 at gmail.com
Mon Feb 27 10:28:48 EST 2012


Hi Paul,
    We have developed our own IKE daemon and are testing its interoperability
with Openswan. We are facing certain issues that are hard to debug.
You might have faced the same kind of issue in the Openswan IKE implementation,
and it would be of great help if you could help me out on this.

Setup
+++++++
Openswan ------------------------   VPN server (our own IKE daemon)
172.31.114.233                      172.31.114.239

The Openswan VPN client is trying to do rekeying with our VPN server, but the
IKE packets coming from Openswan are not reaching our ISAKMP socket; they get
dropped somewhere. I suspect the SPD and SAD rules added in the kernel
might be causing the problem.

I just compared the SAD and SPD rules updated on both sides, and I could not
find any difference. I have no clue why the IKE packets are not coming to
our IKE user space daemon.


Please help if you have ever faced this issue in the Openswan IKE
implementation.

SAD and SPD tables for your reference
+++++++++++++++++++++++++++++++
172.31.114.239[any] 172.31.114.233[any] any
    out prio high + 1073739744 ipsec
    esp/transport//unique:11
    created: Feb 27 23:11:19 2012  lastused:
    lifetime: 0(s) validtime: 0(s)
    spid=1545 seq=1 pid=6715
    refcnt=2
172.31.114.233[any] 172.31.114.239[any] any
    in prio high + 1073739744 ipsec
    esp/transport//unique:11
    created: Feb 27 23:11:19 2012  lastused:
    lifetime: 0(s) validtime: 0(s)
    spid=1536 seq=0 pid=6715
    refcnt=2

[root@localhost labuser]# setkey -D

172.31.114.239 172.31.114.233
    esp mode=transport spi=2068115192(0x7b44eef8) reqid=11(0x0000000b)
    E: aes-cbc  fb5adf8f 11c5c019 bf75d0fc 07a7a8ef
    A: hmac-sha1  6b1c2219 4535a933 b2b16230 eb144d92 d13dc2ea
    seq=0x00000000 replay=32 flags=0x00000000 state=mature
    created: Feb 27 23:11:19 2012   current: Feb 27 23:11:27 2012
    diff: 8(s)  hard: 0(s)  soft: 0(s)
    last:                       hard: 0(s)  soft: 0(s)
    current: 0(bytes)   hard: 0(bytes)  soft: 0(bytes)
    allocated: 0    hard: 0 soft: 0
    sadb_seq=1 pid=6718 refcnt=0
172.31.114.233 172.31.114.239
    esp mode=transport spi=1999636893(0x7730099d) reqid=11(0x0000000b)
    E: aes-cbc  a17a73d1 cc9976e5 a51fafe6 851b1d51
    A: hmac-sha1  ab96669f 188bb172 5e6362cb fe7284ad 32af81a9
    seq=0x00000000 replay=32 flags=0x00000000 state=mature
    created: Feb 27 23:11:19 2012   current: Feb 27 23:11:27 2012
    diff: 8(s)  hard: 0(s)  soft: 0(s)
    last:                       hard: 0(s)  soft: 0(s)
    current: 0(bytes)   hard: 0(bytes)  soft: 0(bytes)
    allocated: 0    hard: 0 soft: 0
    sadb_seq=0 pid=6718 refcnt=0

Please let me know if you need more logs for this issue.

Regards,
Saravanan N
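
An added example, not part of the original post: a check over SPD entries in the layout shown above that reports policies requiring IPsec whose selector also matches IKE itself (UDP port 500), the case in which the kernel can discard cleartext IKE packets unless a bypass (`none`) policy or a per-socket policy exempts them. The sample dump is constructed from the post's two entries; the function names are hypothetical, and per-socket policies and policy priority are not modelled because they are not visible in this output.

```python
import re

# Constructed sample: the two SPD entries from the post, in `setkey -DP` layout.
SAMPLE_SPD = """\
172.31.114.239[any] 172.31.114.233[any] any
    out prio high + 1073739744 ipsec
    esp/transport//unique:11
    spid=1545 seq=1 pid=6715
172.31.114.233[any] 172.31.114.239[any] any
    in prio high + 1073739744 ipsec
    esp/transport//unique:11
    spid=1536 seq=0 pid=6715
"""

# Unindented selector line: src[port] dst[port] upper-layer-protocol
SELECTOR = re.compile(r"^(\S+)\[(\w+)\]\s+(\S+)\[(\w+)\]\s+(\S+)$")

def parse_spd(text):
    """Return one dict per policy: selector, direction and action."""
    entries, current = [], None
    for line in text.splitlines():
        m = SELECTOR.match(line)
        if m:  # a selector line starts a new policy
            src, sport, dst, dport, proto = m.groups()
            current = dict(src=src, sport=sport, dst=dst, dport=dport,
                           proto=proto, direction=None, action=None)
            entries.append(current)
        elif current and current["direction"] is None and line.strip():
            tokens = line.split()
            # e.g. "in prio high + 1073739744 ipsec" or "in none"
            current["direction"], current["action"] = tokens[0], tokens[-1]
    return entries

def covers_ike(entry, port="500"):
    """True if the selector also matches UDP traffic on the IKE port."""
    return (entry["proto"] in ("any", "udp")
            and entry["sport"] in ("any", port)
            and entry["dport"] in ("any", port))

def ike_affected(entries):
    """Policies that demand IPsec for traffic that includes IKE itself."""
    return [e for e in entries if e["action"] == "ipsec" and covers_ike(e)]

if __name__ == "__main__":
    for e in ike_affected(parse_spd(SAMPLE_SPD)):
        print(f'{e["direction"]:>3} {e["src"]} -> {e["dst"]} '
              f'proto={e["proto"]}: IKE (udp/500) falls under this policy')
```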