Date:      Tue, 07 Jun 2022 07:30:07 +0000
From:      bugzilla-noreply@freebsd.org
To:        ports-bugs@FreeBSD.org
Subject:   [Bug 263748] security/strongswan: Update to 5.9.6
Message-ID:  <bug-263748-7788-xJUwDiTO6s@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-263748-7788@https.bugs.freebsd.org/bugzilla/>
References:  <bug-263748-7788@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263748

Franco Fichtner <franco@opnsense.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |franco@opnsense.org

--- Comment #5 from Franco Fichtner <franco@opnsense.org> ---
Hi,

There is a regression here with KDF that people report in a few places for both
OPNsense and pfSense, e.g. https://forum.opnsense.org/index.php?topic=28654.0

2022-06-06T22:16:27-07:00   Informational   charon   12[NET] <2> sending packet: from 10.0.0.1[500] to 10.0.0.100[42573] (36 bytes)
2022-06-06T22:16:27-07:00   Informational   charon   12[ENC] <2> generating IKE_SA_INIT response 0 [ N(NO_PROP) ]
2022-06-06T22:16:27-07:00   Informational   charon   12[IKE] <2> key derivation failed
2022-06-06T22:16:27-07:00   Informational   charon   12[IKE] <2> KDF_PRF with PRF_UNDEFINED not supported
2022-06-06T22:16:27-07:00   Informational   charon   12[IKE] <2> remote host is behind NAT
2022-06-06T22:16:27-07:00   Informational   charon   12[CFG] <2> selected proposal: IKE:AES_CBC_256/AES_XCBC_96/PRF_AES128_XCBC/ECP_256
2022-06-06T22:16:27-07:00   Informational   charon   12[IKE] <2> 10.0.0.100 is initiating an IKE_SA
2022-06-06T22:16:27-07:00   Informational   charon   12[ENC] <2> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
2022-06-06T22:16:27-07:00   Informational   charon   12[NET] <2> received packet: from 10.0.0.100[42573] to 10.0.0.1[500] (716 bytes)

Not sure if the KDF default to off is at fault here or the 5.6.6 update but
something is not quite right...


Cheers,
Franco

-- 
You are receiving this mail because:
You are on the CC list for the bug.
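
A triage sketch for the log excerpt in the comment above, as an added example that is not part of the original message or of strongSwan: it groups charon lines by the IKE_SA tag in angle brackets and, for each SA that logged "key derivation failed", reports the negotiated proposal, its PRF and the KDF detail line. The function name, the line regex and the `<3>` sample line are assumptions based only on the log layout shown here.

```python
import re
from collections import defaultdict

# Constructed sample: charon lines from the report above, unwrapped and in the
# order posted (newest first), plus one constructed healthy SA (<3>).
SAMPLE = """\
2022-06-06T22:16:27-07:00   Informational   charon   12[ENC] <2> generating IKE_SA_INIT response 0 [ N(NO_PROP) ]
2022-06-06T22:16:27-07:00   Informational   charon   12[IKE] <2> key derivation failed
2022-06-06T22:16:27-07:00   Informational   charon   12[IKE] <2> KDF_PRF with PRF_UNDEFINED not supported
2022-06-06T22:16:27-07:00   Informational   charon   12[CFG] <2> selected proposal: IKE:AES_CBC_256/AES_XCBC_96/PRF_AES128_XCBC/ECP_256
2022-06-06T22:16:27-07:00   Informational   charon   12[IKE] <2> 10.0.0.100 is initiating an IKE_SA
2022-06-06T22:17:02-07:00   Informational   charon   09[CFG] <3> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256
"""

# Assumed layout: "... charon   12[IKE] <2> message"; the <...> tag names the IKE_SA.
LINE = re.compile(r"charon\s+\d+\[[A-Z]+\]\s+<(?P<sa>[^>]+)>\s+(?P<msg>.*\S)")


def kdf_failures(log_text):
    """Return one record per IKE_SA that logged a key derivation failure.

    Lines are grouped by SA tag, so the result does not depend on whether
    the log is listed oldest-first or newest-first.
    """
    per_sa = defaultdict(lambda: {"peer": None, "proposal": None, "prf": None,
                                  "detail": None, "failed": False})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a charon line in the assumed layout
        rec, msg = per_sa[m["sa"]], m["msg"]
        if msg.startswith("selected proposal: "):
            rec["proposal"] = msg.split(": ", 1)[1]
            # The PRF is the proposal component carrying the PRF_ prefix.
            rec["prf"] = next((t for t in rec["proposal"].split("/")
                               if t.startswith("PRF_")), None)
        elif msg.endswith(" is initiating an IKE_SA"):
            rec["peer"] = msg.split()[0]
        elif msg == "key derivation failed":
            rec["failed"] = True
        elif msg.startswith("KDF_") and msg.endswith("not supported"):
            rec["detail"] = msg
    return [{"sa": sa, **rec} for sa, rec in per_sa.items() if rec["failed"]]


if __name__ == "__main__":
    for hit in kdf_failures(SAMPLE):
        print(hit)
```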