[strongSwan] pools attrs

Volodymyr Litovka doka at funlab.cc
Thu Apr 8 00:51:25 CEST 2021 

Hi again,

and there are the following errors in log which can be related to the 
issue -

Apr  7 22:48:55 s2 charon-systemd[25189]: processing INTERNAL_IP4_ADDRESS attribute
Apr  7 22:48:55 s2 charon-systemd[25189]: processing INTERNAL_IP4_NETMASK attribute
Apr  7 22:48:55 s2 charon-systemd[25189]: handling INTERNAL_IP4_NETMASK attribute failed
Apr  7 22:48:55 s2 charon-systemd[25189]: processing INTERNAL_IP4_SERVER attribute
Apr  7 22:48:55 s2 charon-systemd[25189]: handling INTERNAL_IP4_SERVER attribute failed
Apr  7 22:48:55 s2 charon-systemd[25189]: processing INTERNAL_IP4_DNS attribute
Apr  7 22:48:55 s2 charon-systemd[25189]: handling INTERNAL_IP4_DNS attribute failed

seems client side sees multiple attributes I configured on remote side, 
but for some reasons fails to process them.
Any suggestions on where to see for the problem?

Thank you

On 08.04.2021 01:20, Volodymyr Litovka wrote:
>
> Hi colleagues,
>
> are there any ways to get remote side attributes, specified in "pools" 
> section, like:
>
> pools {
>          s1-pool {
>                  addrs = 25.0.0.2-25.0.1.255
>                  netmask = "255.255.254.0"
>          }
> }
>
> at the moment, my updown script on the client shows the following ones 
> upon launch:
>
> updown: PLUTO_PEER_ID=s1
> updown: PLUTO_ME=10.1.2.10
> updown: PLUTO_IF_ID_OUT=10
> updown: PLUTO_PEER_CLIENT=0.0.0.0/0
> updown: PLUTO_IF_ID_IN=10
> updown: PLUTO_VERSION=1.1
> updown: PLUTO_REQID=1
> updown: PLUTO_MY_PORT=0
> updown: PLUTO_MY_PROTOCOL=0
> updown: PLUTO_PEER_PORT=0
> updown: PLUTO_MY_SOURCEIP4_1=25.0.0.2
> updown: PLUTO_CONNECTION=s2
> updown: PLUTO_PEER_PROTOCOL=0
> updown: PLUTO_MY_CLIENT=0.0.0.0/0
> updown: PLUTO_MY_ID=s2
> updown: PLUTO_PEER=10.1.1.10
> updown: PLUTO_VERB=up-client
> updown: PLUTO_INTERFACE=eth0
> updown: PLUTO_UNIQUEID=1
> updown: PLUTO_MY_SOURCEIP=25.0.0.2
> updown: PLUTO_PROTO=esp
> updown: PLUTO_UDP_ENC=4500
>
> and there is no information on 'netmask' which is specified on the server.
>
> Thank you.
>
> -- 
> Volodymyr Litovka
>    "Vision without Execution is Hallucination." -- Thomas Edison

-- 
Volodymyr Litovka
   "Vision without Execution is Hallucination." -- Thomas Edison

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20210408/bb371120/attachment.html>

More information about the Users mailing list