Issue #848

Updated by Tobias Brunner over 5 years ago

Hello,

While building an updown script for special usage,
I noticed that only the following hooks are called
in the script:
* up-client
* down-client

In my scenario, the host this special script was running on was only a responder.
The connection was made over IPv6.
I inserted the following code at line 155:

<pre>

logger -t STRONGSWAN "DEBUG: $PLUTO_VERB:$1 : $PLUTO_ME $PLUTO_PEER"
</pre>


It created the following output in the syslog:

<pre>

Feb 14 05:08:51 thermi.strangled.net STRONGSWAN[21144]: DEBUG: up-client: : 2a03:4000:6:3064::1 2a02:8071:9186:7d00:5054:ff:fe38:39ee
Feb 14 05:08:51 thermi.strangled.net STRONGSWAN[21155]: DEBUG: down-client: : 2a03:4000:6:3064::1 2a02:8071:9186:7d00:5054:ff:fe38:39ee
Feb 14 05:08:51 thermi.strangled.net STRONGSWAN[21166]: DEBUG: up-client: : 2a03:4000:6:3064::1 2a02:8071:9186:7d00:5054:ff:fe38:39ee
</pre>


It is completely fine that the IPv4 hooks are called for the defined IPv4 subnets, but as the peers
are connecting over IPv6, the following hooks should be called, too:
* up-host-v6
* down-host-v6

It would be nice if some light could be shed on this and on whether this is intended behaviour
or a bug.
Following is the swanctl definition of the connection:

<pre>
home-active {
    version = 2
    remote_addrs = %any
    over_time = 3m
    keyingtries = 3
    dpd_delay = 10
    dpd_timeout = 60
    proposals = aes256gcm16-prfsha256-modp4096
    send_certreq = no
    rekey_time = 0s
    local {
        id = thermi.strangled.net
        auth = psk
    }
    remote {
        id = thermi-home-gw-1
        auth = psk
    }
    children {
        home-active {
            hostaccess = yes
            local_ts = 0.0.0.0/0,::/0
            remote_ts = 0.0.0.0/0
            esp_proposals = aes256-aesxcbc-modp4096-esn
            inactivity = 0s
            dpd_action = clear
            close_action = clear
            rekey_time = 30m
            mark_in = 0x1
            mark_out = 0x1
            updown = /usr/lib/strongswan/updown-active
            tfc_padding = 0
            ipcomp = yes
            replay_window = 128
        }
    }
}
</pre>
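
An added example, not part of the original report or of strongSwan's own updown script: a debug hook in the style of the `logger` line above that splits `PLUTO_VERB` into direction, scope and address family and also records the traffic selectors from `PLUTO_MY_CLIENT` and `PLUTO_PEER_CLIENT`, so each syslog entry shows which selector pair a verb was raised for. The helper names `classify_verb` and `format_event` are hypothetical.

```shell
#!/bin/sh
# Debug updown hook (added example, helper names are hypothetical).
# Reference it from the child config's "updown" option to use it.

# Split a verb such as "up-host-v6" into "direction scope family".
classify_verb() {
    verb=$1
    family=ipv4
    case "$verb" in
        *-v6) family=ipv6; verb=${verb%-v6} ;;
    esac
    case "$verb" in
        up-host|down-host|up-client|down-client)
            echo "${verb%%-*} ${verb#*-} $family" ;;
        *)
            # Any verb this example does not decode is reported as-is.
            echo "other $verb $family" ;;
    esac
}

# Build one log line from the PLUTO_* environment passed to the hook.
format_event() {
    # Word splitting is intended: classify_verb prints three fields.
    set -- $(classify_verb "${PLUTO_VERB:-unknown}")
    printf 'verb=%s dir=%s scope=%s family=%s me=%s peer=%s my_ts=%s peer_ts=%s' \
        "${PLUTO_VERB:-unknown}" "$1" "$2" "$3" \
        "${PLUTO_ME:-?}" "${PLUTO_PEER:-?}" \
        "${PLUTO_MY_CLIENT:-?}" "${PLUTO_PEER_CLIENT:-?}"
}

# Log only when invoked as a hook, i.e. when PLUTO_VERB is set.
if [ -n "${PLUTO_VERB:-}" ]; then
    logger -t STRONGSWAN "DEBUG: $(format_event)"
fi
```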
