[strongSwan] Help with understanding traffic selectors match
Enrico Cavalli
enrico.cavalli at gmail.com
Fri Dec 1 10:11:46 CET 2017
this one is strange too
between the two tests I only changed debug levels...
this is inacceptable
Dec 1 09:26:29 iulm03 charon: 15[NET] <con1000|1> received packet: from X.Y.Z.W[500] to A.B.C.D[500] (236 bytes)
Dec 1 09:26:29 iulm03 charon: 15[ENC] <con1000|1> parsed CREATE_CHILD_SA request 122 [ SA No TSi TSr N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) ]
Dec 1 09:26:29 iulm03 charon: 15[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
Dec 1 09:26:29 iulm03 charon: 15[IKE] <con1000|1> received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
Dec 1 09:26:29 iulm03 charon: 15[CFG] <con1000|1> looking for a child config for 172.16.199.11/32|/0[icmp] 172.16.199.0/24|/0 === 10.15.1.18/32|/0[icmp] 10.15.1.0/24|/0
Dec 1 09:26:29 iulm03 charon: 15[IKE] traffic selectors 172.16.199.11/32|/0[icmp] 172.16.199.0/24|/0 === 10.15.1.18/32|/0[icmp] 10.15.1.0/24|/0 inacceptable
in this one the child sa gets installed
Dec 1 09:30:26 iulm03 charon: 08[NET] <con1000|1> received packet: from X.Y.Z.W[500] to A.B.C.D[500] (236 bytes)
Dec 1 09:30:26 iulm03 charon: 08[ENC] <con1000|1> parsed CREATE_CHILD_SA request 1 [ SA No TSi TSr N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) ]
Dec 1 09:30:26 iulm03 charon: 08[IKE] <con1000|1> received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
Dec 1 09:30:26 iulm03 charon: 08[CFG] <con1000|1> looking for a child config for 172.16.199.11/32|/0[icmp] 172.16.199.0/24|/0 === 10.15.1.18/32|/0[icmp] 10.15.1.0/24|/0
Dec 1 09:30:26 iulm03 charon: 08[CFG] <con1000|1> proposing traffic selectors for us:
Dec 1 09:30:26 iulm03 charon: 08[CFG] <con1000|1> 172.16.199.0/24|/0
[...]
More information about the Users
mailing list