[strongSwan] error handling
Modster, Anthony
Anthony.Modster at Teledyne.com
Wed Jun 26 22:16:07 CEST 2019
Hello Tobias
Will the below error cause the ErrorNotifyPlugin to generate an error?
13[ENC] parsed IKE_AUTH response 8 [ EAP/REQ/TLS ]
13[IKE] reinitiating already active tasks
13[IKE] IKE_AUTH task
13[ENC] generating IKE_AUTH request 9 [ EAP/RES/TLS ]
13[NET] sending packet: from 192.168.29.129[4500] to 76.232.248.219[4500] (1104 bytes)
08[NET] received packet: from 76.232.248.219[4500] to 192.168.29.129[4500] (80 bytes)
08[ENC] parsed IKE_AUTH response 9 [ EAP/REQ/TLS ]
08[IKE] reinitiating already active tasks
08[IKE] IKE_AUTH task
08[ENC] generating IKE_AUTH request 10 [ EAP/RES/TLS ]
08[NET] sending packet: from 192.168.29.129[4500] to 76.232.248.219[4500] (528 bytes)
11[IKE] retransmit 1 of request with message ID 10
11[NET] sending packet: from 192.168.29.129[4500] to 76.232.248.219[4500] (528 bytes)
12[NET] received packet: from 76.232.248.219[4500] to 192.168.29.129[4500] (96 bytes)
12[ENC] parsed IKE_AUTH response 10 [ EAP/REQ/TLS ]
12[TLS] received fatal TLS alert 'access denied'
12[IKE] EAP_TLS method failed
12[ENC] generating INFORMATIONAL request 11 [ N(AUTH_FAILED) ]
12[NET] sending packet: from 192.168.29.129[4500] to 76.232.248.219[4500] (80 bytes)
12[IKE] IKE_SA ELS-VPAPP-WGL08[1] state change: CONNECTING => DESTROYING
-----Original Message-----
From: Modster, Anthony
Sent: Wednesday, June 26, 2019 9:19 AM
To: 'Tobias Brunner' <tobias at strongswan.org>; users at lists.strongswan.org
Cc: Mesfin Amare <Mesfin.Amare at Teledyne.com>
Subject: RE: [strongSwan] error handling
Thanks
Our systems group will be testing most (if not all) of the errors.
But it takes them a while to create all the test cases (we need to test CISCO and Windows gateways).
-----Original Message-----
From: Tobias Brunner <tobias at strongswan.org>
Sent: Wednesday, June 26, 2019 1:22 AM
To: Modster, Anthony <Anthony.Modster at Teledyne.com>; users at lists.strongswan.org
Subject: Re: [strongSwan] error handling
Hi Anthony,
> Will our application be able to detect them using either VICI “event
> callbacks” or “ErrorNotifyPlugin”?
Why not just try it?
> Inacceptable Constraint check failed
You can't detect that specific error but ERROR_NOTIFY_PEER_AUTH_FAILED will be triggered.
> IKE AUTH response errors
This triggers ERROR_NOTIFY_LOCAL_AUTH_FAILED.
Regards,
Tobias
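The failure sequence in the log excerpt at the top of this thread can also be picked out of the daemon log text itself. The following is an added example, not part of any message in the thread and not strongSwan code: it reads log lines only, does not use VICI or the error-notify plugin, and the event names and the functions `scan` and `auth_failure` are this example's own labels.

```python
import re

# Constructed sample: lines taken from the log excerpt in the first message.
SAMPLE = """\
08[ENC] generating IKE_AUTH request 10 [ EAP/RES/TLS ]
11[IKE] retransmit 1 of request with message ID 10
12[TLS] received fatal TLS alert 'access denied'
12[IKE] EAP_TLS method failed
12[ENC] generating INFORMATIONAL request 11 [ N(AUTH_FAILED) ]
12[IKE] IKE_SA ELS-VPAPP-WGL08[1] state change: CONNECTING => DESTROYING
"""

LINE = re.compile(r"^(?P<thread>\d+)\[(?P<group>[A-Z]{3})\]\s+(?P<msg>.*)$")
# (event name, log group, pattern); names are hypothetical, patterns follow the lines above.
RULES = [
    ("tls_alert", "TLS", re.compile(r"received fatal TLS alert '(?P<v>[^']+)'")),
    ("eap_failed", "IKE", re.compile(r"(?P<v>EAP_\S+) method failed")),
    ("notify_sent", "ENC", re.compile(r"generating \S+ request \d+ \[.*N\((?P<v>[A-Z_]+)\).*\]")),
    ("retransmit", "IKE", re.compile(r"retransmit (?P<v>\d+) of request")),
    ("sa_destroyed", "IKE", re.compile(r"IKE_SA (?P<v>\S+)\[\d+\] state change: \S+ => DESTROYING")),
]

def scan(log_text):
    """Return a list of (line_no, event, value) for lines matching RULES."""
    events = []
    for n, raw in enumerate(log_text.splitlines(), 1):
        m = LINE.match(raw.strip())
        if not m:
            continue  # not in "NN[GRP] message" form, e.g. mail headers
        for name, group, rx in RULES:
            hit = rx.search(m["msg"]) if m["group"] == group else None
            if hit:
                events.append((n, name, hit["v"]))
    return events

def auth_failure(events):
    """Summarise a failed EAP authentication, or None if no EAP method failed."""
    by_name = {}
    for _, name, value in events:
        by_name.setdefault(name, []).append(value)
    if "eap_failed" not in by_name:
        return None
    return {
        "method": by_name["eap_failed"][0],
        "tls_alert": by_name.get("tls_alert", [None])[0],
        "notify_sent": by_name.get("notify_sent", [None])[0],
        "retransmits": len(by_name.get("retransmit", [])),
        "sa": by_name.get("sa_destroyed", [None])[0],
    }
```

Calling `auth_failure(scan(text))` on a captured log returns one summary per input; a deployment watching several connections would group events by IKE_SA name first.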