Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

FS#2888 - komd-ipsec4 missing files in latest snapshot #7669

Open
openwrt-bot opened this issue Mar 7, 2020 · 3 comments
Open

FS#2888 - komd-ipsec4 missing files in latest snapshot #7669

openwrt-bot opened this issue Mar 7, 2020 · 3 comments
Labels
flyspray kernel pull request/issue with Linux kernel related changes

Comments

@openwrt-bot
Copy link

rts:

xfrm4_mode_tunnel ,xfrm4_mode_transport and xfrm4_mode_beet are missing in package kmod-ipsec4, it results strongswan failed to add SAD entry, and return netlink error.
It seems that it's because of 1556ed1

@openwrt-bot
Copy link
Author

avbohemen:

It certainly looks like the mentioned commit is at fault:

Trunk:

root@router ~# opkg files kmod-ipsec4
Package kmod-ipsec4 (4.19.115-1) is installed on root and has the following files:
/lib/modules/4.19.115/xfrm4_tunnel.ko
/lib/modules/4.19.115/esp4.ko
/lib/modules/4.19.115/ah4.ko
/etc/modules.d/32-ipsec4
/lib/modules/4.19.115/ipcomp.ko
root@router ~# opkg files kmod-ipsec6
Package kmod-ipsec6 (4.19.115-1) is installed on root and has the following files:
/lib/modules/4.19.115/xfrm6_tunnel.ko
/lib/modules/4.19.115/ipcomp6.ko
/etc/modules.d/32-ipsec6
/lib/modules/4.19.115/esp6.ko
/lib/modules/4.19.115/ah6.ko

Reverted:

root@router ~# opkg files kmod-ipsec4
Package kmod-ipsec4 (4.19.115-1) is installed on root and has the following files:
/lib/modules/4.19.115/xfrm4_mode_beet.ko
/lib/modules/4.19.115/xfrm4_mode_tunnel.ko
/lib/modules/4.19.115/xfrm4_tunnel.ko
/lib/modules/4.19.115/xfrm4_mode_transport.ko
/lib/modules/4.19.115/esp4.ko
/lib/modules/4.19.115/ah4.ko
/etc/modules.d/32-ipsec4
/lib/modules/4.19.115/ipcomp.ko
root@router ~# opkg files kmod-ipsec6
Package kmod-ipsec6 (4.19.115-1) is installed on root and has the following files:
/lib/modules/4.19.115/xfrm6_mode_beet.ko
/lib/modules/4.19.115/xfrm6_tunnel.ko
/lib/modules/4.19.115/xfrm6_mode_tunnel.ko
/lib/modules/4.19.115/ipcomp6.ko
/lib/modules/4.19.115/xfrm6_mode_transport.ko
/etc/modules.d/32-ipsec6
/lib/modules/4.19.115/esp6.ko
/lib/modules/4.19.115/ah6.ko

@openwrt-bot
Copy link
Author

flipreverse:

If I, however, build OpenWRT for my TP-Link C2600 (kernel 5.4), I have to re-apply that commit. Otherwise, the image for a 5.4 kernel failes to buil.d

@aparcar aparcar added the kernel pull request/issue with Linux kernel related changes label Feb 22, 2022
@ptpt52
Copy link
Contributor

ptpt52 commented Mar 22, 2023

mark. somewhat my case:

Wed Mar 22 17:30:03 2023 daemon.info : 08[ENC] parsed ID_PROT request 0 [ SA V V V V V V ]
Wed Mar 22 17:30:03 2023 daemon.info : 08[IKE] received NAT-T (RFC 3947) vendor ID
Wed Mar 22 17:30:03 2023 daemon.info : 08[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Wed Mar 22 17:30:03 2023 daemon.info : 08[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Wed Mar 22 17:30:03 2023 daemon.info : 08[IKE] received draft-ietf-ipsec-nat-t-ike-00 vendor ID
Wed Mar 22 17:30:03 2023 daemon.info : 08[IKE] received FRAGMENTATION vendor ID
Wed Mar 22 17:30:03 2023 daemon.info : 08[IKE] received DPD vendor ID
Wed Mar 22 17:30:03 2023 daemon.info : 08[IKE] 192.168.16.190 is initiating a Main Mode IKE_SA
Wed Mar 22 17:30:03 2023 authpriv.info : 08[IKE] 192.168.16.190 is initiating a Main Mode IKE_SA
Wed Mar 22 17:30:03 2023 daemon.info : 08[CFG] selected proposal: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Wed Mar 22 17:30:03 2023 daemon.info : 08[ENC] generating ID_PROT response 0 [ SA V V V V ]
Wed Mar 22 17:30:03 2023 daemon.info : 13[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
Wed Mar 22 17:30:03 2023 daemon.info : 13[IKE] faking NAT situation to enforce UDP encapsulation
Wed Mar 22 17:30:03 2023 daemon.info : 13[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
Wed Mar 22 17:30:03 2023 daemon.info : 10[ENC] parsed ID_PROT request 0 [ ID HASH ]
Wed Mar 22 17:30:03 2023 daemon.info : 10[CFG] looking for pre-shared key peer configs matching 192.168.16.1...192.168.16.190[192.168.16.190]
Wed Mar 22 17:30:03 2023 daemon.info : 10[CFG] selected peer config "L2TP-IKEv1-PSK"
Wed Mar 22 17:30:03 2023 daemon.info : 10[IKE] IKE_SA L2TP-IKEv1-PSK[2] established between 192.168.16.1[192.168.16.1]...192.168.16.190[192.168.16.190]
Wed Mar 22 17:30:03 2023 authpriv.info : 10[IKE] IKE_SA L2TP-IKEv1-PSK[2] established between 192.168.16.1[192.168.16.1]...192.168.16.190[192.168.16.190]
Wed Mar 22 17:30:03 2023 daemon.info : 10[ENC] generating ID_PROT response 0 [ ID HASH ]
Wed Mar 22 17:30:03 2023 daemon.info : 04[ENC] parsed INFORMATIONAL_V1 request 3496644802 [ HASH N(INITIAL_CONTACT) ]
Wed Mar 22 17:30:04 2023 daemon.info : 12[ENC] parsed QUICK_MODE request 3685436493 [ HASH SA No ID ID ]
Wed Mar 22 17:30:04 2023 daemon.info : 12[CFG] selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ
Wed Mar 22 17:30:04 2023 daemon.info : 12[IKE] received 28800s lifetime, configured 0s
Wed Mar 22 17:30:04 2023 daemon.info : 12[ENC] generating QUICK_MODE response 3685436493 [ HASH SA No ID ID NAT-OA NAT-OA ]
Wed Mar 22 17:30:04 2023 daemon.info : 09[ENC] parsed QUICK_MODE request 3685436493 [ HASH ]
Wed Mar 22 17:30:04 2023 daemon.info : 09[ESP]   IPsec SA: unsupported mode
Wed Mar 22 17:30:04 2023 daemon.info : 09[ESP] failed to create SAD entry
Wed Mar 22 17:30:04 2023 daemon.info : 09[ESP]   IPsec SA: unsupported mode
Wed Mar 22 17:30:04 2023 daemon.info : 09[ESP] failed to create SAD entry
Wed Mar 22 17:30:04 2023 daemon.info : 09[IKE] unable to install inbound and outbound IPsec SA (SAD) in kernel
Wed Mar 22 17:30:04 2023 daemon.info : 09[IKE] sending DELETE for ESP CHILD_SA with SPI 0cd2b81d
Wed Mar 22 17:30:04 2023 daemon.info : 09[ENC] generating INFORMATIONAL_V1 request 414885161 [ HASH D ]
Wed Mar 22 17:31:02 2023 daemon.info : 04[ENC] parsed INFORMATIONAL_V1 request 3186849135 [ HASH D ]
Wed Mar 22 17:31:02 2023 daemon.info : 04[IKE] received DELETE for ESP CHILD_SA with SPI 0cd2b81d
Wed Mar 22 17:31:02 2023 daemon.info : 04[IKE] CHILD_SA not found, ignored
Wed Mar 22 17:31:02 2023 daemon.info : 12[ENC] parsed INFORMATIONAL_V1 request 2716170180 [ HASH D ]
Wed Mar 22 17:31:02 2023 daemon.info : 12[IKE] received DELETE for IKE_SA L2TP-IKEv1-PSK[2]
Wed Mar 22 17:31:02 2023 daemon.info : 12[IKE] deleting IKE_SA L2TP-IKEv1-PSK[2] between 192.168.16.1[192.168.16.1]...192.168.16.190[192.168.16.190]
Wed Mar 22 17:31:02 2023 authpriv.info : 12[IKE] deleting IKE_SA L2TP-IKEv1-PSK[2] between 192.168.16.1[192.168.16.1]...192.168.16.190[192.168.16.190]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
flyspray kernel pull request/issue with Linux kernel related changes
Projects
None yet
Development

No branches or pull requests

3 participants