Bug #3356

ipsec net2net tunnels error

Added by Davide Principi over 5 years ago. Updated over 5 years ago.

Status:CLOSEDStart date:
Priority:NormalDue date:
Assignee:-% Done:

100%

Category:nethserver-ipsec
Target version:v6.7
Security class: Resolution:
Affected version:v6.7-final NEEDINFO:No

Description

Version
nethserver-ipsec-1.1.4-1.ns6.noarch

Symptom
The tunnel is not established

During net2net tunnel connections the following log trace appears

Jan 27 12:40:45 roma pluto[24995]: "vpnnapoli_ipsec-tunnel/1x1" #4: Can't authenticate: no preshared key found for `AAA.BBB.CCC.DDD' and `@napoli'.  Attribute OAKLEY_AUTHENTICATION_METHOD
Jan 27 12:40:45 roma pluto[24995]: "vpnnapoli_ipsec-tunnel/1x1" #4: Can't authenticate: no preshared key found for `AAA.BBB.CCC.DDD' and `@napoli'.  Attribute OAKLEY_AUTHENTICATION_METHOD
Jan 27 12:40:45 roma pluto[24995]: "vpnnapoli_ipsec-tunnel/1x1" #4: no acceptable Oakley Transform
Jan 27 12:40:45 roma pluto[24995]: "vpnnapoli_ipsec-tunnel/1x1" #4: sending notification NO_PROPOSAL_CHOSEN to EEE.FFF.GGG.HHH:500

Note
The leftid is the machine IP address

Associated revisions

Revision 16e69b3e
Added by Davide Principi over 5 years ago

Merge pull request #5 from DavidePrincipi/master

Drop conn %default definition. Refs #3356

History

#1 Updated by Davide Principi over 5 years ago

  • Status changed from TRIAGED to MODIFIED
  • Assignee set to Davide Principi
  • % Done changed from 20 to 60

#2 Updated by Davide Principi over 5 years ago

  • Status changed from MODIFIED to ON_QA
  • Assignee deleted (Davide Principi)
  • % Done changed from 60 to 70

#3 Updated by Nicola Rauso over 5 years ago

  • Assignee set to Nicola Rauso

#4 Updated by Nicola Rauso over 5 years ago

  • Status changed from ON_QA to VERIFIED
  • Assignee deleted (Nicola Rauso)
  • % Done changed from 70 to 90

In nethserver-testing
http://packages.nethesis.it/nethserver/6.7/testing/x86_64/Packages/nethserver-ipsec-1.1.5-1.2.g16e69b3.ns6.noarch.rpm

Tested: OK

The tunnel was correctly established and the erroneous log trace disappeared.

#5 Updated by Giacomo Sanchietti over 5 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100
Package in nethserver-updates:
  • nethserver-ipsec-1.1.6-1.ns6.noarch.rpm

NS 7 already includes this fix.

Also available in: Atom PDF