[strongSwan] attr plugin reads settings but nothing further

flyingrhino flyingrhino at orcon.net.nz
Tue Jan 23 08:39:14 CET 2018 

Hi,

Using the latest version available on my distro:
# ipsec --version
Linux strongSwan U5.6.0/K4.8.0-53-generic

I am trying to pass IP and network information from initator to 
responder.
Following the instructions on the attr plugin page 
(https://wiki.strongswan.org/projects/strongswan/wiki/AttrPlugin), I 
configured the initiator strongswan.conf with the following:
     plugins {
         attr {
             load = yes
             #21000 = "InitiatorTest"
             dns = 192.168.246.1
             address = 192.168.246.68
             netmask = 255.255.255.0
             subnet = 192.168.246.0/24
             7 = "192.168.246.100"
         }
     }


I see the initial loading of the attributes in the initiator syslog:

Jan 20 17:39:22 asus303 charon: 00[DMN] Starting IKE charon daemon 
(strongSwan 5.6.0, Linux 4.8.0-53-generic, x86_64)
Jan 20 17:39:22 asus303 charon: 00[CFG] loaded attribute 
INTERNAL_IP4_DNS: c0:a8:f6:01
Jan 20 17:39:22 asus303 charon: 00[CFG] loaded attribute 
INTERNAL_IP4_ADDRESS: c0:a8:f6:44
Jan 20 17:39:22 asus303 charon: 00[CFG] loaded attribute 
INTERNAL_IP4_NETMASK: ff:ff:ff:00
Jan 20 17:39:22 asus303 charon: 00[CFG] loaded attribute 
INTERNAL_IP4_SUBNET: c0:a8:f6:00:ff:ff:ff:00
Jan 20 17:39:22 asus303 charon: 00[CFG] loaded attribute 
APPLICATION_VERSION: c0:a8:f6:64
...
Jan 20 17:39:22 asus303 charon: 00[LIB] loaded plugins: charon aes attr 
curve25519 gmp hmac kernel-netlink nonce pubkey openssl pem pkcs1 random 
revocation socket-default sha1 sha2 stroke updown x509 xcbc

I've got the full logs, but to keep the message tidy I've quoted the 
relevant bits. If you do need full logs I can send them too.

But then later on during the connection I only see this line mentioning 
'attr':
Jan 20 17:41:18 asus303 charon: 12[IKE] processing INTERNAL_IP4_ADDRESS 
attribute, which comes from the ipsec.conf settings.

On the responder there is no mention of attributes coming through.

I'm sure I'm missing something here. The strongswan website example 
clearly describes how to send the attributes, but what's missing is how 
these attributes show up at the other end and how to process them.

Can someone point me in the right direction?

Thanks.

More information about the Users mailing list