[strongSwan] failing to decrypt esp

Chad Winckler cwinckler at westell.com
Wed Mar 6 21:03:35 CET 2013 

Martin Willi <martin at ...> writes:

> 
> 
> > I tried a manual entry and it looks good.  So is there a strongswan config
> > option perhaps I am missing?
> 
> No, looks more like a bug. Unfortunately it is very difficult for me to
> debug this without having such a board. If you want to debug this
> yourself, have a look at [1] how the Netlink messages gets constructed
> in userland. Debugging the kernel at [2] might give you some insight
> what is wrong.
> 
> Regards
> Martin
> 
>
[1]http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c;hb=HEAD#l1153
>
[2]http://git.strongswan.org/?p=linux-dumm.git;a=blob;f=net/xfrm/xfrm_user.c;hb=HEAD#l570
> 
> 


ok, I can try.  Here is my logs for the inbound SA.  I also added debug in the
kernel but I don't see anything failing.  I will add more debug in the app as
well.  Do you see anything in this log?  If you have modified versions of these
files I can rebuild and provide the output to you and perhaps we can find
something that way?  Or suggestions on what I might be looking for other than an
error?

thanks
Chad


Jan  1 07:14:12 (none) daemon.info charon: 15[CHD] adding inbound ESP SA 
Jan  1 07:14:12 (none) daemon.info charon: 15[CHD]   SPI 0xc186b46d, src
192.168.1.3 dst 192.168.1.208 
Jan  1 07:14:12 (none) daemon.info charon: 15[KNL] adding SAD entry with SPI
c186b46d and reqid {3}  (mark 0/0x00000000) 
Jan  1 07:14:12 (none) daemon.info charon: 15[KNL]   using encryption algorithm
AES_CBC with key size 128 
Jan  1 07:14:12 (none) daemon.info charon: 15[KNL]   using integrity algorithm
HMAC_SHA1_96 with key size 160 
Jan  1 07:14:12 (none) daemon.info charon: 15[KNL]   using replay window of 32
packets 
Jan  1 07:14:12 (none) daemon.info charon: 15[KNL] sending XFRM_MSG_UPDSA: =>
410 bytes @ 0x67c5a6d8 
Jan  1 07:14:12 (none) daemon.info charon: 15[KNL]    0: 00 00 01 9A 00 1A 00 05
00 00 01 08 00 00 02 CD  ................ 
Jan  1 07:14:12 (none) daemon.info charon: 15[KNL]   16: 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00  ................ 
Jan  1 07:14:12 (none) daemon.info charon: 15[KNL]   32: 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00  ................ 
Jan  1 07:14:12 (none) daemon.info charon: 15[KNL]   48: 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00  ................ 
Jan  1 07:14:12 (none) daemon.info charon: 15[KNL]   64: 00 00 00 00 00 00 C0 A8
01 D0 00 00 00 00 00 00  ................ 
Jan  1 07:14:12 (none) daemon.info charon: 15[KNL]   80: 00 00 00 00 00 00 C1 86
B4 6D 32 00 C0 A8 01 03  .........m2..... 
Jan  1 07:14:12 (none) daemon.info charon: 15[KNL]   96: 00 00 00 00 00 00 00 00
00 00 00 00 FF FF FF FF  ................ 
Jan  1 07:14:12 (none) daemon.info charon: 15[KNL]  112: FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF  ................ 
Jan  1 07:14:12 (none) daemon.info charon: 15[KNL]  128: FF FF FF FF FF FF FF FF
FF FF FF FF 00 00 00 00  ................ 
Jan  1 07:14:12 (none) daemon.info charon: 15[KNL]  144: 00 00 0A 21 00 00 00 00
00 00 0E 10 00 00 00 00  ...!............ 
Jan  1 07:14:12 (none) daemon.info charon: 15[KNL]  160: 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00  ................ 
Jan  1 07:14:12 (none) daemon.info charon: 15[KNL]  176: 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00  ................ 
Jan  1 07:14:12 (none) daemon.info charon: 15[KNL]  192: 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00  ................ 
Jan  1 07:14:12 (none) daemon.info charon: 15[KNL]  208: 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 03  ................ 
Jan  1 07:14:12 (none) daemon.info charon: 15[KNL]  224: 00 02 01 20 20 00 00 00
00 58 00 02 61 65 73 00  ...  ....X..aes. 
Jan  1 07:14:12 (none) daemon.info charon: 15[KNL]  240: 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00  ................ 
Jan  1 07:14:12 (none) daemon.info charon: 15[KNL]  256: 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00  ................ 
Jan  1 07:14:12 (none) daemon.info charon: 15[KNL]  272: 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00  ................ 
Jan  1 07:14:12 (none) daemon.info charon: 15[KNL]  288: 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 80  ................ 
Jan  1 07:14:12 (none) daemon.info charon: 15[KNL]  304: 35 2C 0A F8 23 06 44 83
C7 81 D7 06 9F F2 0F 0C  5,..#.D......... 
Jan  1 07:14:12 (none) daemon.info charon: 15[KNL]  320: 00 5C 00 01 73 68 61 31
00 00 00 00 00 00 00 00  .\..sha1........ 
Jan  1 07:14:12 (none) daemon.info charon: 15[KNL]  336: 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00  ................ 
Jan  1 07:14:12 (none) daemon.info charon: 15[KNL]  352: 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00  ................ 
Jan  1 07:14:12 (none) daemon.info charon: 15[KNL]  368: 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00  ................ 
Jan  1 07:14:12 (none) daemon.info charon: 15[KNL]  384: 00 00 00 00 00 00 00 A0
F1 4B 88 BF 4C BD 61 E2  .........K..L.a. 
Jan  1 07:14:12 (none) daemon.info charon: 15[KNL]  400: 14 4D 31 8A E4 84 05 22
29 F3                    .M1...."). 
J

More information about the Users mailing list