Bug #2794
Mediation support
Start date:
Due date:
Estimated time:
Affected version:
5.7.1
Resolution:
Description
Hi Team,
I used the below configuration in the ipsec.conf, I'm able to establish tunnels with the multiple peers as i've not mentioned the me_peerid (accroding to the man page , it says if me_peerid is not given it will take up as the right id which is '%any' in this case).
conn medsrv
leftid=gateway@medsrv.org
leftauth=psk
right=10.11.70.111
rightid=mediator@strongswan.org
rightauth=psk
mediation=yes
auto=start
conn Gateway-Agent1
leftauth=psk
rightauth=psk
leftid=gateway@strongswan.org
right=%any
rightid=%any
leftsubnet=3.1.1.0/24
rightsubnet=3.1.1.0/24
mediated_by=medsrv
auto=add
But the same functionality i'm not able to achieve through vici interface, if i don't add the "me_peerid" then i'm seeing the below dump. ( I tried with "%any" in the me_peerid then also it is failing but not dumping)
07[DMN] thread 7 received 11
07[LIB] dumping 1 stack frame addresses:
07[LIB] /lib/x86_64-linux-gnu/libpthread.so.0 @ 0x7f6f544ec000 [0x7f6f544fd390]
07[LIB] -> ??:?
dumping 1 stack frame addresses:
/lib/x86_64-linux-gnu/libpthread.so.0 @ 0x7f6f544ec000 [0x7f6f544fd390]
-> ??:?
07[DMN] killing ourself, received critical signal
Thanks,
Associated revisions
History
#1 Updated by Tobias Brunner 2 months ago
- Tracker changed from Issue to Bug
- Description updated (diff)
- Category set to vici
- Status changed from New to Feedback
- Target version set to 5.7.2
I see. I've pushed a fix to the 2794-vici-peer-id branch. Without the patch you have to configure it explicitly (in your case to the same value as the local identity).
#2 Updated by M Thotager 2 months ago
Thanks Brunner, I will try to apply this patch and verify the scenario
vici: Properly handle absence of peer ID on mediation connections
Fixes #2794.