Feature #368

Add support for UNITY_DEF_DOMAIN mode config and pass domain to resolvconf

Added by Gerald Turner over 7 years ago.

Status:
New
Priority:
Low
Assignee:
-
Category:
libhydra
Target version:
-
Start date:
27.07.2013
Due date:
Estimated time:
Resolution:

Description

Hi, my understanding is limited, but from what I can tell by comparing debug output between strongSwan and vpnc, strongSwan is not asking for UNITY_DEF_DOMAIN. Searching through the code, it seems that the resolver plugin doesn't handle domain names either.

Debug output of the vpnc initiator requesting UNITY_DEF_DOMAIN mode config (0x7002/ISAKMP_MODECFG_ATTRIB_CISCO_DEF_DOMAIN):

 sending: ========================>
   BEGIN_PARSE
   Received Packet Len: 172
   i_cookie: 9b40e6f4 da9eb65d
   r_cookie: 2872bd24 44a9a36a
   payload: 08 (ISAKMP_PAYLOAD_HASH)
   isakmp_version: 10
   exchange_type: 06 (ISAKMP_EXCHANGE_MODECFG_TRANSACTION)
   flags: 01
   message_id: 1caa68a4
   len: 000000ac

   PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)
   next_type: 0e (ISAKMP_PAYLOAD_MODECFG_ATTR)
   length: 0014
   ke.data: a521d5d7 71fd87ce dde14617 38ba1d78
   DONE PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)

   PARSING PAYLOAD type: 0e (ISAKMP_PAYLOAD_MODECFG_ATTR)
   next_type: 00 (ISAKMP_PAYLOAD_NONE)
   length: 0075
   modecfg.type: 01 (ISAKMP_MODECFG_CFG_REQUEST)
   modecfg.id: 0014
   t.attributes.type: 0001 (ISAKMP_MODECFG_ATTRIB_INTERNAL_IP4_ADDRESS)
   t.attributes.u.lots.length: 0000
   t.attributes.u.lots.data: 
   t.attributes.type: 0002 (ISAKMP_MODECFG_ATTRIB_INTERNAL_IP4_NETMASK)
   t.attributes.u.lots.length: 0000
   t.attributes.u.lots.data: 
   t.attributes.type: 0003 (ISAKMP_MODECFG_ATTRIB_INTERNAL_IP4_DNS)
   t.attributes.u.lots.length: 0000
   t.attributes.u.lots.data: 
   t.attributes.type: 0004 (ISAKMP_MODECFG_ATTRIB_INTERNAL_IP4_NBNS)
   t.attributes.u.lots.length: 0000
   t.attributes.u.lots.data: 
   t.attributes.type: 7002 (ISAKMP_MODECFG_ATTRIB_CISCO_DEF_DOMAIN)
   t.attributes.u.lots.length: 0000
   t.attributes.u.lots.data: 
   t.attributes.type: 7008 (ISAKMP_MODECFG_ATTRIB_CISCO_FW_TYPE)
   t.attributes.u.lots.length: 000c
   t.attributes.u.lots.data: 80010001 80020001 80030002
   t.attributes.type: 7007 (ISAKMP_MODECFG_ATTRIB_CISCO_DO_PFS)
   t.attributes.u.lots.length: 0000
   t.attributes.u.lots.data: 
   t.attributes.type: 7000 (ISAKMP_MODECFG_ATTRIB_CISCO_BANNER)
   t.attributes.u.lots.length: 0000
   t.attributes.u.lots.data: 
   t.attributes.type: 7001 (ISAKMP_MODECFG_ATTRIB_CISCO_SAVE_PW)
   t.attributes.u.lots.length: 0000
   t.attributes.u.lots.data: 
   t.attributes.type: 7004 (ISAKMP_MODECFG_ATTRIB_CISCO_SPLIT_INC)
   t.attributes.u.lots.length: 0000
   t.attributes.type: 700a (ISAKMP_MODECFG_ATTRIB_CISCO_DDNS_HOSTNAME)
   t.attributes.u.lots.length: 0009
   t.attributes.u.lots.data: 786f2d6c 6170746f 70
   t.attributes.type: 0007 (ISAKMP_MODECFG_ATTRIB_APPLICATION_VERSION)
   t.attributes.u.lots.length: 0028
   t.attributes.u.lots.data:
   43697363 6f205379 7374656d 73205650 4e20436c 69656e74 20302e35 2e337235
   31323a4c 696e7578
   DONE PARSING PAYLOAD type: 0e (ISAKMP_PAYLOAD_MODECFG_ATTR)

   PARSING PAYLOAD type: 00 (ISAKMP_PAYLOAD_NONE)
   PARSE_OK
   NAT-T mode, adding non-esp marker

Debug output of the vpnc initiator receiving UNITY_DEF_DOMAIN mode config:

 receiving: <========================
 [2013-07-24 13:51:55]

S6.2 phase2_config receive modecfg
 [2013-07-24 13:51:55]
   BEGIN_PARSE
   Received Packet Len: 964
   i_cookie: 9b40e6f4 da9eb65d
   r_cookie: 2872bd24 44a9a36a
   payload: 08 (ISAKMP_PAYLOAD_HASH)
   isakmp_version: 10
   exchange_type: 06 (ISAKMP_EXCHANGE_MODECFG_TRANSACTION)
   flags: 01
   message_id: 1caa68a4
   len: 000003c4

   PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)
   next_type: 0e (ISAKMP_PAYLOAD_MODECFG_ATTR)
   length: 0014
   ke.data: ddab8c10 62f5274d 484f00f5 2c582c54
   DONE PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)

   PARSING PAYLOAD type: 0e (ISAKMP_PAYLOAD_MODECFG_ATTR)
   next_type: 00 (ISAKMP_PAYLOAD_NONE)
   length: 0394
   modecfg.type: 02 (ISAKMP_MODECFG_CFG_REPLY)
   modecfg.id: 0000
   t.attributes.type: 0001 (ISAKMP_MODECFG_ATTRIB_INTERNAL_IP4_ADDRESS)
   t.attributes.u.lots.length: 0004
   t.attributes.u.lots.data: ac1f64b5
   t.attributes.type: 0002 (ISAKMP_MODECFG_ATTRIB_INTERNAL_IP4_NETMASK)
   t.attributes.u.lots.length: 0004
   t.attributes.u.lots.data: fffff000
   t.attributes.type: 0003 (ISAKMP_MODECFG_ATTRIB_INTERNAL_IP4_DNS)
   t.attributes.u.lots.length: 0004
   t.attributes.u.lots.data: 0a4c4c08
   t.attributes.type: 0003 (ISAKMP_MODECFG_ATTRIB_INTERNAL_IP4_DNS)
   t.attributes.u.lots.length: 0004
   t.attributes.u.lots.data: 0a4c6b08
   t.attributes.type: 7001 (ISAKMP_MODECFG_ATTRIB_CISCO_SAVE_PW)
   t.attributes.u.attr_16: 0000
   t.attributes.type: 7004 (ISAKMP_MODECFG_ATTRIB_CISCO_SPLIT_INC)
   t.attributes.u.lots.length: 02f4
   t.attributes.u.acl.addr: 0a000000
   t.attributes.u.acl.mask: ff000000
   t.attributes.u.acl.protocol: 0000
   t.attributes.u.acl.sport: 0000
   t.attributes.u.acl.dport: 0000
   ... SNIP ...
   t.attributes.u.acl.addr: d176b3cb
   t.attributes.u.acl.mask: ffffffff
   t.attributes.u.acl.protocol: 0000
   t.attributes.u.acl.sport: 0000
   t.attributes.u.acl.dport: 0000
   t.attributes.type: 7002 (ISAKMP_MODECFG_ATTRIB_CISCO_DEF_DOMAIN)
   t.attributes.u.lots.length: 0011
   t.attributes.u.lots.data:
   636f7270 2e696e74 686f7374 732e6e65 74
   t.attributes.type: 7007 (ISAKMP_MODECFG_ATTRIB_CISCO_DO_PFS)
   t.attributes.u.attr_16: 0001
   t.attributes.type: 0007 (ISAKMP_MODECFG_ATTRIB_APPLICATION_VERSION)
   t.attributes.u.lots.length: 0053
   t.attributes.u.lots.data:
   43697363 6f205379 7374656d 732c2049 6e632041 53413535 35302056 65727369
   6f6e2038 2e342834 29312062 75696c74 20627920 6275696c 64657273 206f6e20
   54687520 31342d4a 756e2d31 32203131 3a3230
   DONE PARSING PAYLOAD type: 0e (ISAKMP_PAYLOAD_MODECFG_ATTR)

...in this case "domain corp.inthosts.net" is written to resolvconf.
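An added decoder for the attribute format shown in the dumps above (example code written for this page, not strongSwan's or vpnc's): it walks the ISAKMP data-attribute list, extracts INTERNAL_IP4_DNS and UNITY_DEF_DOMAIN, validates the domain as a hostname before it would be handed to resolvconf, and rebuilds the "domain corp.inthosts.net" line from the bytes in the CFG_REPLY. The sample attribute bytes are constructed from the report's hex; the TV-encoded CISCO_DO_PFS (0xF007, AF bit set) is what vpnc prints as 7007/attr_16 after masking.

```python
import re
import struct

INTERNAL_IP4_DNS = 0x0003
UNITY_DEF_DOMAIN = 0x7002  # ISAKMP_MODECFG_ATTRIB_CISCO_DEF_DOMAIN
# Constructed from the CFG_REPLY dump: DNS 10.76.76.8, DO_PFS=1 in TV form
# (AF bit set; vpnc masks it and prints 7007/attr_16) and the default domain.
SAMPLE_ATTRS = (bytes.fromhex("0003" "0004" "0a4c4c08")
                + bytes.fromhex("f007" "0001")
                + bytes.fromhex("7002" "0011") + b"corp.inthosts.net")
# Constructed: a domain value that is not a hostname and must be rejected.
BAD_ATTRS = bytes.fromhex("7002" "000c") + b"corp\nexample"
_LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def parse_modecfg_attrs(body):
    """Return [(type, value_bytes)]; body starts at the first attribute.
    RFC 2408 3.3 data attributes: AF=1 type+16-bit value, AF=0 type+len+data."""
    attrs, off = [], 0
    while off + 4 <= len(body):
        raw_type, second = struct.unpack_from("!HH", body, off)
        off += 4
        if raw_type & 0x8000:  # TV: the value sits in the length field
            attrs.append((raw_type & 0x7FFF, second.to_bytes(2, "big")))
            continue
        if off + second > len(body):  # TLV: bounds-check before slicing
            raise ValueError("truncated attribute 0x%04x" % raw_type)
        attrs.append((raw_type, body[off:off + second]))
        off += second
    if off != len(body):
        raise ValueError("trailing bytes after last attribute")
    return attrs


def default_domain(attrs):
    """UNITY_DEF_DOMAIN as a validated DNS name, or None if absent/invalid."""
    for attr_type, value in attrs:
        if attr_type == UNITY_DEF_DOMAIN:
            name = value.decode("ascii", "replace")  # U+FFFD never matches
            labels = name.rstrip(".").split(".")
            ok = len(name) <= 253 and all(_LABEL.fullmatch(l) for l in labels)
            return name if ok else None
    return None


def resolvconf_stdin(attrs):
    """Text for `resolvconf -a <iface>`: nameserver lines, then the domain."""
    lines = ["nameserver %d.%d.%d.%d" % tuple(v)
             for t, v in attrs if t == INTERNAL_IP4_DNS and len(v) == 4]
    domain = default_domain(attrs)
    lines += ["domain " + domain] if domain else []
    return "".join(line + "\n" for line in lines)
```

The hostname check matters because the value lands in a file that resolvers parse line by line; a domain that fails validation is simply not written.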