Ubuntu
strongswan package

Bug #1772705
Comment #20

Comment 20 for bug 1772705

Revision history for this message

Simon Déziel (sdeziel) wrote on 2019-12-16:

#20

I have the server side configured with ipsec.conf:

config setup
charondebug="ike 0, enc 0, net 0"

conn %default
  keyexchange=ikev2
  mobike=no
  dpddelay=60
  dpdtimeout=180

conn lp1772705
  left=172.24.26.187
  leftcert=peerCert.der
  leftauth=pubkey
  leftsubnet=8.8.8.8/32
  right=%any
  rightsourceip=172.21.10.0/24
  rightauth=eap-mschapv2
  rightdns=1.1.1.1,1.0.0.1
  eap_identity=%any
  auto=add

With 5.6.2-1ubuntu2.4, I get random garbage as resolvers instead of 1.1.1.1 and 1.0.0.1:

<info> [1576525492.6584] vpn-connection[0x55e5c1c6c810,eab8dcdd-e3a9-44b8-a3f0-fabe804d0d84,"lp1772705",0]: Data: Internal DNS: 128.157.0.100
<info> [1576525492.6584] vpn-connection[0x55e5c1c6c810,eab8dcdd-e3a9-44b8-a3f0-fabe804d0d84,"lp1772705",0]: Data: Internal DNS: 240.14.1.80

but I still get random garbage with 5.6.2-1ubuntu2.5:

The following packages will be upgraded:
   libcharon-standard-plugins (5.6.2-1ubuntu2.4 => 5.6.2-1ubuntu2.5)
   libstrongswan (5.6.2-1ubuntu2.4 => 5.6.2-1ubuntu2.5)
   libstrongswan-standard-plugins (5.6.2-1ubuntu2.4 => 5.6.2-1ubuntu2.5)
   strongswan-charon (5.6.2-1ubuntu2.4 => 5.6.2-1ubuntu2.5)
   strongswan-libcharon (5.6.2-1ubuntu2.4 => 5.6.2-1ubuntu2.5)
   strongswan-nm (5.6.2-1ubuntu2.4 => 5.6.2-1ubuntu2.5)
   strongswan-pki (5.6.2-1ubuntu2.4 => 5.6.2-1ubuntu2.5)
   strongswan-starter (5.6.2-1ubuntu2.4 => 5.6.2-1ubuntu2.5)

<info> [1576525739.9236] vpn-connection[0x55e5c1c6c410,eab8dcdd-e3a9-44b8-a3f0-fabe804d0d84,"lp1772705",0]: Data: Internal DNS: 144.190.1.100
<info> [1576525739.9236] vpn-connection[0x55e5c1c6c410,eab8dcdd-e3a9-44b8-a3f0-fabe804d0d84,"lp1772705",0]: Data: Internal DNS: 96.221.1.100

I did multiple attempts varying rightdns= to push 1.1.1.1 and/or 1.0.0.1 but they all failed:

$ journalctl -b0 -o cat | grep 'Internal DNS'
<info> [1576525492.6584] vpn-connection[0x55e5c1c6c810,eab8dcdd-e3a9-44b8-a3f0-fabe804d0d84,"lp1772705",0]: Data: Internal DNS: 128.157.0.100
<info> [1576525492.6584] vpn-connection[0x55e5c1c6c810,eab8dcdd-e3a9-44b8-a3f0-fabe804d0d84,"lp1772705",0]: Data: Internal DNS: 240.14.1.80
<info> [1576525720.6106] vpn-connection[0x55e5c1c6c610,eab8dcdd-e3a9-44b8-a3f0-fabe804d0d84,"lp1772705",0]: Data: Internal DNS: 0.48.1.100
<info> [1576525720.6106] vpn-connection[0x55e5c1c6c610,eab8dcdd-e3a9-44b8-a3f0-fabe804d0d84,"lp1772705",0]: Data: Internal DNS: 80.83.122.160
<info> [1576525739.9236] vpn-connection[0x55e5c1c6c410,eab8dcdd-e3a9-44b8-a3f0-fabe804d0d84,"lp1772705",0]: Data: Internal DNS: 144.190.1.100
<info> [1576525739.9236] vpn-connection[0x55e5c1c6c410,eab8dcdd-e3a9-44b8-a3f0-fabe804d0d84,"lp1772705",0]: Data: Internal DNS: 96.221.1.100
<info> [1576526033.7857] vpn-connection[0x56137b6c67f0,eab8dcdd-e3a9-44b8-a3f0-fabe804d0d84,"lp1772705",0]: Data: Internal DNS: 0.70.3.100
<info> [1576526726.4132] vpn-connection[0x56137b6c61f0,eab8dcdd-e3a9-44b8-a3f0-fabe804d0d84,"lp1772705",0]: Data: Internal DNS: 48.107.3.100

I have the server side configured with ipsec.conf:

config setup
  charondebug="ike 0, enc 0, net 0"

conn %default
  keyexchange=ikev2
  mobike=no
  dpddelay=60
  dpdtimeout=180

With 5.6.2-1ubuntu2.4, I get random garbage as resolvers instead of 1.1.1.1 and 1.0.0.1:

<info>  [1576525492.6584] vpn-connection[0x55e5c1c6c810,eab8dcdd-e3a9-44b8-a3f0-fabe804d0d84,"lp1772705",0]: Data:   Internal DNS: 128.157.0.100
<info>  [1576525492.6584] vpn-connection[0x55e5c1c6c810,eab8dcdd-e3a9-44b8-a3f0-fabe804d0d84,"lp1772705",0]: Data:   Internal DNS: 240.14.1.80

but I still get random garbage with 5.6.2-1ubuntu2.5:

<info>  [1576525739.9236] vpn-connection[0x55e5c1c6c410,eab8dcdd-e3a9-44b8-a3f0-fabe804d0d84,"lp1772705",0]: Data:   Internal DNS: 144.190.1.100
<info>  [1576525739.9236] vpn-connection[0x55e5c1c6c410,eab8dcdd-e3a9-44b8-a3f0-fabe804d0d84,"lp1772705",0]: Data:   Internal DNS: 96.221.1.100

I did multiple attempts varying rightdns= to push 1.1.1.1 and/or 1.0.0.1 but they all failed:

$ journalctl -b0 -o cat | grep 'Internal DNS'
<info>  [1576525492.6584] vpn-connection[0x55e5c1c6c810,eab8dcdd-e3a9-44b8-a3f0-fabe804d0d84,"lp1772705",0]: Data:   Internal DNS: 128.157.0.100
<info>  [1576525492.6584] vpn-connection[0x55e5c1c6c810,eab8dcdd-e3a9-44b8-a3f0-fabe804d0d84,"lp1772705",0]: Data:   Internal DNS: 240.14.1.80
<info>  [1576525720.6106] vpn-connection[0x55e5c1c6c610,eab8dcdd-e3a9-44b8-a3f0-fabe804d0d84,"lp1772705",0]: Data:   Internal DNS: 0.48.1.100
<info>  [1576525720.6106] vpn-connection[0x55e5c1c6c610,eab8dcdd-e3a9-44b8-a3f0-fabe804d0d84,"lp1772705",0]: Data:   Internal DNS: 80.83.122.160
<info>  [1576525739.9236] vpn-connection[0x55e5c1c6c410,eab8dcdd-e3a9-44b8-a3f0-fabe804d0d84,"lp1772705",0]: Data:   Internal DNS: 144.190.1.100
<info>  [1576525739.9236] vpn-connection[0x55e5c1c6c410,eab8dcdd-e3a9-44b8-a3f0-fabe804d0d84,"lp1772705",0]: Data:   Internal DNS: 96.221.1.100
<info>  [1576526033.7857] vpn-connection[0x56137b6c67f0,eab8dcdd-e3a9-44b8-a3f0-fabe804d0d84,"lp1772705",0]: Data:   Internal DNS: 0.70.3.100
<info>  [1576526726.4132] vpn-connection[0x56137b6c61f0,eab8dcdd-e3a9-44b8-a3f0-fabe804d0d84,"lp1772705",0]: Data:   Internal DNS: 48.107.3.100

Ubuntustrongswan package

Comment 20 for bug 1772705

Ubuntu
strongswan package