Project

General

Profile

Feature #831

Multicast/Broadcast via ikev2.

Added by Alex Brew over 5 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
libcharon
Target version:
Start date:
22.01.2015
Due date:
Estimated time:
Resolution:
Fixed

Description

Please include forecast multicast/broacast plug-in developed by Martin Willi from https://github.com/strongswan/strongswan/tree/forecast branch to master one and to built Ubuntu 12/14 nightly Strongswan versions. Or please make ability to allow multicast/broadcast packets transmitting from/to road-warrior (Vpn client) .
I downloaded sources from https://github.com/strongswan/strongswan/tree/forecast, compiled, but there was 5.2.2rc1 and clients couldn' t connect to due to error 13843:
12[ENC] proposal number smaller than previous
12[ENC] SECURITY_ASSOCIATION payload verification failed
12[IKE] message verification failed

But all worked with 5.2.2 from Ubuntu repository, but without forecast plug-in.

And there are no any broadcast packets received at server side sent from client, for example with 255.255.255.255 destination.
I checked by tcpdump, no any broadcast packets came from clients, but outgoing packets counting is at Windows connection property windows.

History

#1 Updated by Martin Willi over 5 years ago

  • Status changed from New to Assigned
  • Assignee set to Martin Willi

Please include forecast multicast/broacast plug-in [...] to master

This certainly will happen, most likely before the next release. However, this branch builds upon other branches (namely reqid-alloc, attr-migrate, make-before-break and forecast), which bring significant changes to core parts of the code base. We need more testing and review of that code before it can go mainline.

Also, we currently lack some documentation for the plugin.

I downloaded sources from https://github.com/strongswan/strongswan/tree/forecast, compiled, but there was 5.2.2rc1 and clients couldn' t connect to due to error 13843:

I've rebased all these branches to the final 5.2.2 release, which should fix that issue.

Regards
Martin

#2 Updated by Alex Brew over 5 years ago

Is there up-to-date version at forecast branch or have not bee uodated yet ?
And have author tested it with broadcast as x.y.z.255 as 255.255.255.255 ?

By the way, as it is intended for bcast also, I suppose this plug-in will support NetBios protocols also (udp/tcp) , am I right ?

#3 Updated by Martin Willi over 5 years ago

  • Category set to libcharon
  • Status changed from Assigned to Closed
  • Target version set to 5.3.0
  • Resolution set to Fixed

The forecast plugin has been merged to master, please refer to the provided test case for a configuration example.

I'm closing the issue for now, let us know if you have any issues.

#4 Updated by Martin Willi over 5 years ago

A first description for the plugin is available on the forecast wiki page.

Also available in: Atom PDF