[strongSwan] Forecast plug-in.

CpServiceSPb . cpservicespb at gmail.com
Thu Jan 22 16:37:03 CET 2015 

So, the latest branch was built, started but there are 2 questions:
*First.* After strongswan with forecast plug-in is started, the following
is appeared:

0.2131s / 2079 times in lock created at: dumping 7 stack frame addresses:
  /usr/lib/ipsec/libstrongswan.so.0 @ 0xb7708000 [0xb774aee5]
    ->
/home/gateadmin/files/source/vpn/ipsec/strongswan/forecast/strongswan/src/libstrongswan/threading/thread.c:256
  /usr/lib/ipsec/libstrongswan.so.0 @ 0xb7708000 (thread_create+0x15)
[0xb774b315]
    ->
/home/gateadmin/files/source/vpn/ipsec/strongswan/forecast/strongswan/src/libstrongswan/threading/thread.c:323
  /usr/lib/ipsec/libstrongswan.so.0 @ 0xb7708000 [0xb773adab]
    ->
/home/gateadmin/files/source/vpn/ipsec/strongswan/forecast/strongswan/src/libstrongswan/processing/processor.c:446
  /usr/lib/ipsec/libcharon.so.0 @ 0xb75f4000 [0xb760ad4f]
    ->
/home/gateadmin/files/source/vpn/ipsec/strongswan/forecast/strongswan/src/libcharon/daemon.c:556
  /usr/local/libexec/ipsec/charon @ 0x8048000 [0x804990a]
    ->
/home/gateadmin/files/source/vpn/ipsec/strongswan/forecast/strongswan/src/charon/charon.c:104
  /lib/i386-linux-gnu/libc.so.6 @ 0xb7419000 (__libc_start_main+0xf3)
[0xb7432a83]

in other time:

No leaks detected, 47 suppressed by whitelist
0.1117s / 2924 times in lock created at: dumping 5 stack frame addresses:
  /usr/lib/ipsec/libstrongswan.so.0 @ 0xb76ab000
(leak_detective_create+0x77) [0xb76f0c87]
    ->
/home/gateadmin/files/source/vpn/ipsec/strongswan/forecast/strongswan/src/libstrongswan/utils/leak_detective.c:594
  /usr/lib/ipsec/libstrongswan.so.0 @ 0xb76ab000 (library_init+0xd2)
[0xb76c2f12]
    ->
/home/gateadmin/files/source/vpn/ipsec/strongswan/forecast/strongswan/src/libstrongswan/library.c:278
  /usr/local/libexec/ipsec/starter @ 0x8048000 [0x8049b23]
    ->
/home/gateadmin/files/source/vpn/ipsec/strongswan/forecast/strongswan/src/starter/starter.c:428
  /lib/i386-linux-gnu/libc.so.6 @ 0xb74b3000 (__libc_start_main+0xf3)
[0xb74cca83]
    -> /build/buildd/eglibc-2.19/csu/libc-start.c:321
  /usr/local/libexec/ipsec/starter @ 0x8048000 [0x804abc6]
    -> ??:?

But strongswan started and connection could be established.
Is it normal ?


*So, next question* is I watched by *tcpdump src road-warrior IP*, but
after started strongswan with forecast, there weren' t any packet at all,
but *NetBios bcasts would have to be anyway*.
Part of ipsec.conf:
leftsubnet=192.168.0.0/24
rightsourceip=192.168.0.201-192.168.0.215

and no rightsubnet and leftfirewall

and strongswan.conf, partly:
load = .... forecast

plugins {
        attr {
            poolname = 192.168.0.201-192.168.0.215
            dns = 192.168.0.254
             }
        dhcp {
            server = 192.168.0.255
            force_server_address = yes
        }
        systime-fix {
            threshold=2014
            interval=300
        }
        forecast {
            interface=lan0
            groups=224.10.0.1,224.10.0.2
            reinject=ikev2_cert_eap-mschapv2
        }
    }

What is wrong ?

2015-01-22 16:39 GMT+03:00 Martin Willi <martin at strongswan.org>:

> Please keep the discussion on the mailing list, thanks.
>
> > So, but can you send or place 5.2.2 release (or later) code with your
> > plau-in.
>
> No, the plugin is not part of 5.2.2 or any other release. You'll have to
> build from the forecast git branch [1].
>
> > And does it really allow to transfer broadcast (in particular to dest
> > 255.255.255.255) from/to road-warrior ?
>
> Yes, that's the intention. The plugin is still experimental, but your
> feedback is welcome.
>
> > And the second question was about multiple connections from clients
> behind
> > the same NAT using l2tp/psk/cert.
>
> Take a look at the connmark plugin/branch [2]. It's experimental and not
> part of mainline yet, but it allows you to bind Netfilter conntrack
> session to individual transport mode peers behind the same NAT router.
>
> As there is no documentation for these plugins so far, please refer to
> the NEWS file changes and the two KVM test cases.
>
> Regards
> Martin
>
> [1]
> http://git.strongswan.org/?p=strongswan.git;a=shortlog;h=refs/heads/forecast
> [2]
> http://git.strongswan.org/?p=strongswan.git;a=shortlog;h=refs/heads/connmark
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150122/0970cabd/attachment.html>

More information about the Users mailing list