[Bug 263748] security/strongswan: Update to 5.9.6

From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 07 Jun 2022 07:30:07 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263748

Franco Fichtner <franco@opnsense.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |franco@opnsense.org

--- Comment #5 from Franco Fichtner <franco@opnsense.org> ---
Hi,

There is a regression here with KDF that people report in a few places for both
OPNsense and pfSense, e.g. https://forum.opnsense.org/index.php?topic=28654.0

2022-06-06T22:16:27-07:00   Informational   charon   12[NET] <2> sending packet: from 10.0.0.1[500] to 10.0.0.100[42573] (36 bytes)
2022-06-06T22:16:27-07:00   Informational   charon   12[ENC] <2> generating IKE_SA_INIT response 0 [ N(NO_PROP) ]
2022-06-06T22:16:27-07:00   Informational   charon   12[IKE] <2> key derivation failed
2022-06-06T22:16:27-07:00   Informational   charon   12[IKE] <2> KDF_PRF with PRF_UNDEFINED not supported
2022-06-06T22:16:27-07:00   Informational   charon   12[IKE] <2> remote host is behind NAT
2022-06-06T22:16:27-07:00   Informational   charon   12[CFG] <2> selected proposal: IKE:AES_CBC_256/AES_XCBC_96/PRF_AES128_XCBC/ECP_256
2022-06-06T22:16:27-07:00   Informational   charon   12[IKE] <2> 10.0.0.100 is initiating an IKE_SA
2022-06-06T22:16:27-07:00   Informational   charon   12[ENC] <2> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
2022-06-06T22:16:27-07:00   Informational   charon   12[NET] <2> received packet: from 10.0.0.100[42573] to 10.0.0.1[500] (716 bytes)

Not sure if the KDF default to off is at fault here or the 5.6.6 update but
something is not quite right...


Cheers,
Franco
