[Openswan Users] Openswan-2.6.51.3 - road warrior problem

Siegfried Vogl svogl at vodata.de
Wed May 22 12:06:35 EDT 2019


Hello,

there are strange problems in 2.6.51.3 with Road Warriors. If an existing tunnel is broken off and the road warrior reconnects, then the new tunnel is set up, but no data transmission is possible on the tunnel.
The same process still worked with version 2.6.41 on the central side.

The client side (road warrior) is "Linux Openswan U2.6.42/K4.4.6__LRP_ST_20170329 (netkey)"

Reproduction:
- Start Pluto on the central side
- Client establishes a tunnel and transmits data
- Cancel a tunnel from the client side without stopping the tunnel (for example, "power off" of the client)
- Restart the client and set up a new tunnel.
- The tunnel is set up successfully but no data can be transmitted on the tunnel.

In 2.6.41 it looked different. The "old" tunnel was deleted when a new tunnel was connected after a "power off" of the client.

But it's getting better:
If two clients are configured on different networks on the central side, not even the IP of the client is recognized.
Here, too, the tunnel is established when the client reconnects after a "power off", but no data transfer is possible.
2.6.41 also works without errors (no logs attached for this constellation).

By the way:
In 2.6.51.3, the version is output incorrectly:
rznv78v2:~/Openswan/openswan-2.6.51.3 # ipsec --version
Linux Openswan U2.6.51.2/K4.4.165-81-default (netkey)
See `ipsec --copyright' for copyright information.
rznv78v2:~/Openswan/openswan-2.6.51.3 #

Attached files:
The working case with 2.6.41:
    - "LogRZNV78.OneClient.txt": Central gateway ("ipsec whack --status" output and pluto log)
    - "ipsec.RZNV78.OneClient.conf": "ipsec.conf" of 2.6.41 gateway

The problem case with one client configured on the central side and 2.6.51.3:
    - "LogRZNV78v2.OneClient.txt": Central gateway ("ipsec whack --status" output and pluto log)
    - "ipsec.RZNV78v2.OneClient.conf": "ipsec.conf" of 2.6.51.3 gateway with one client

The problem case with two clients configured on the central side and 2.6.51.3:
    - "LogRZNV78v2.TwoClients.txt": Central gateway ("ipsec whack --status" output and pluto log)
    - "ipsec.RZNV78v2.TwoClients.conf": "ipsec.conf" of 2.6.51.3 gateway with two clients configured

Thanks in advance.

Siegfried
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: LogRZNV78.OneClient.txt
URL: <http://lists.openswan.org/pipermail/users/attachments/20190522/e51837f2/attachment-0003.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: LogRZNV78v2.OneClient.txt
URL: <http://lists.openswan.org/pipermail/users/attachments/20190522/e51837f2/attachment-0004.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: LogRZNV78v2.TwoClients.txt
URL: <http://lists.openswan.org/pipermail/users/attachments/20190522/e51837f2/attachment-0005.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ipsec.RZNV78.OneClient.conf
URL: <http://lists.openswan.org/pipermail/users/attachments/20190522/e51837f2/attachment-0003.ksh>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ipsec.RZNV78v2.OneClient.conf
URL: <http://lists.openswan.org/pipermail/users/attachments/20190522/e51837f2/attachment-0004.ksh>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ipsec.RZNV78v2.TwoClients.conf
URL: <http://lists.openswan.org/pipermail/users/attachments/20190522/e51837f2/attachment-0005.ksh>