Bug #2794

Mediation support

Added by M Thotager 2 months ago. Updated 2 months ago.

Status: Feedback
Priority: Normal
Assignee: -
Category: vici
Target version:
Start date:
Due date:
Estimated time:
Affected version: 5.7.1
Resolution:

Description

Hi Team,

I used the configuration below in ipsec.conf. I'm able to establish tunnels with multiple peers, as I've not mentioned the me_peerid (according to the man page, if me_peerid is not given it is taken to be the right ID, which is '%any' in this case).

conn medsrv
        leftid=gateway@medsrv.org
        leftauth=psk
        right=10.11.70.111
        rightid=mediator@strongswan.org
        rightauth=psk
        mediation=yes
        auto=start

conn Gateway-Agent1
        leftauth=psk
        rightauth=psk
        leftid=gateway@strongswan.org
        right=%any
        rightid=%any
        leftsubnet=3.1.1.0/24
        rightsubnet=3.1.1.0/24
        mediated_by=medsrv
        auto=add

But I'm not able to achieve the same functionality through the vici interface. If I don't add the "me_peerid", I see the dump below. (I tried with "%any" in the me_peerid; then it also fails, but without dumping.)

07[DMN] thread 7 received 11
07[LIB]  dumping 1 stack frame addresses:
07[LIB]   /lib/x86_64-linux-gnu/libpthread.so.0 @ 0x7f6f544ec000 [0x7f6f544fd390]
07[LIB]     -> ??:?
 dumping 1 stack frame addresses:
  /lib/x86_64-linux-gnu/libpthread.so.0 @ 0x7f6f544ec000 [0x7f6f544fd390]
    -> ??:?
07[DMN] killing ourself, received critical signal

Thanks,

Associated revisions

Revision 6e9cfe97 (diff)
Added by Tobias Brunner about 2 months ago

vici: Properly handle absence of peer ID on mediation connections

Fixes #2794.

History

#1 Updated by Tobias Brunner 2 months ago

  • Tracker changed from Issue to Bug
  • Description updated (diff)
  • Category set to vici
  • Status changed from New to Feedback
  • Target version set to 5.7.2

I see. I've pushed a fix to the 2794-vici-peer-id branch. Without the patch you have to configure it explicitly (in your case to the same value as the local identity).
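
An added example, not part of the original issue or the strongSwan code base: a pre-flight check over the connection dictionary a client would send to vici's load-conn command, flagging mediated connections that lack an explicit peer ID. It assumes the vici key for the peer ID is `mediation_peer` (the report uses the ipsec.conf name me_peerid); the sample dictionary is constructed from the ipsec.conf in the description.

```python
# Added example: pre-flight check for a dict that would be passed to vici load-conn.
# Assumption: vici/swanctl.conf key names mediation, mediated_by, mediation_peer.

def _enabled(value):
    # Boolean spellings assumed to be accepted by strongSwan for "on"
    return str(value).lower() in ("yes", "true", "enabled", "1")

def check_mediation(conns):
    """Return (connection, problem) tuples for mediated connections."""
    findings = []
    for name, cfg in conns.items():
        target = cfg.get("mediated_by")
        if not target:
            continue  # not a mediated connection
        peer = cfg.get("mediation_peer")
        if not peer:
            findings.append((name, "mediation_peer missing (crash reported on 5.7.1)"))
        elif peer == "%any":
            findings.append((name, "mediation_peer is %any (reported to fail)"))
        # Assumption: the mediation connection is loaded in the same batch
        med = conns.get(target)
        if med is not None and not _enabled(med.get("mediation", "no")):
            findings.append((name, f"'{target}' does not set mediation=yes"))
    return findings

# Constructed sample: the ipsec.conf from the report mapped to vici keys
# ("net" is a hypothetical child name).
SAMPLE = {
    "medsrv": {
        "remote_addrs": ["10.11.70.111"],
        "local": {"auth": "psk", "id": "gateway@medsrv.org"},
        "remote": {"auth": "psk", "id": "mediator@strongswan.org"},
        "mediation": "yes",
    },
    "Gateway-Agent1": {
        "local": {"auth": "psk", "id": "gateway@strongswan.org"},
        "remote": {"auth": "psk", "id": "%any"},
        "children": {"net": {"local_ts": ["3.1.1.0/24"], "remote_ts": ["3.1.1.0/24"]}},
        "mediated_by": "medsrv",
    },
}

if __name__ == "__main__":
    for conn, problem in check_mediation(SAMPLE):
        print(f"{conn}: {problem}")
```
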

#2 Updated by M Thotager 2 months ago

Thanks Brunner, I will try to apply this patch and verify the scenario
