Hi,

Can you check if the parameter passed to DH_generate_key has both p and g members set?
Can you try a different DH group? Like modp-1024?
What is on the other side? VPP as well?
Can you post the configuration of the initiator?

Regards,
Radu

From: vpp-dev-boun...@lists.fd.io [mailto:vpp-dev-boun...@lists.fd.io] On Behalf Of ???
Sent: Thursday, June 1, 2017 8:09 AM
To: vpp-dev@lists.fd.io
Subject: [vpp-dev] IKEV2 Negotiation Failed

Hi guys,

We are testing IKEV2. Something ran unsuccessfully. The configuration and the information are shown below:

configuration:

create host-interface name eth0 hw-addr 02:fe:a0:d5:26:62
create host-interface name eth1 hw-addr 02:fe:63:d4:c1:df
set interface ip addr host-eth0 192.168.155.11/24
set interface ip addr host-eth1 14.1.1.1/24
set interface state host-eth0 up
set interface state host-eth1 up
ikev2 profile add pr1
ikev2 profile set pr1 auth shared-key-mic string Vpp123
ikev2 profile set pr1 id local fqdn vpp.home
ikev2 profile set pr1 id remote fqdn roadwarrior.vpn.example.com
ikev2 profile set pr1 traffic-selector local ip-range 14.1.1.0 - 14.1.1.255 port-range 0 - 65535 protocol 0
ikev2 profile set pr1 traffic-selector remote ip-range 21.1.1.0 - 21.1.1.255 port-range 0 - 65535 protocol 0

Is there anything wrong in my configuration?

Failed information:

DBGvpp#
0: ikev2_process_sa_init_req:566: ispi 18ee23578923e6c1 rspi 0 nextpayload 21 version 20 exchange 22 flags 8 msgid 0 length 456
0: ikev2_parse_sa_payload:364: proposal num 1 len 44 last_or_more 0 id 1 spi_size 0 num_transforms 4
0: ikev2_parse_sa_payload:406: transform num 0 len 12 last_or_more 3 type encr:aes-cbc-256 id 12 attrs 800e0100
0: ikev2_parse_sa_payload:406: transform num 1 len 8 last_or_more 3 type integ:sha1-96 id 2
0: ikev2_parse_sa_payload:406: transform num 2 len 8 last_or_more 3 type prf:hmac-sha1 id 2
0: ikev2_parse_sa_payload:406: transform num 3 len 8 last_or_more 0 type dh-group:modp-2048 id 14
0: ikev2_parse_notify_payload:464: msg_type NAT_DETECTION_SOURCE_IP len 28 data 60123943d9d1f5645386b64452702ac2c38eab1b
0: ikev2_parse_notify_payload:464: msg_type NAT_DETECTION_DESTINATION_IP len 28 data 36f531a2cf407b56600a5707b42179300aab3660
0: ikev2_parse_notify_payload:464: msg_type SIGNATURE_HASH_ALGORITHMS len 16 data 0001000200030004
0: ikev2_parse_notify_payload:464: msg_type REDIRECT_SUPPORTED len 8
0: ikev2_process_sa_init_req:624: sa state changed to IKEV2_STATE_SA_INIT
0: ikev2_select_proposal:167: bitmap is 1e mandatory is 1e optional is 1e
Aborted

Call stack:

Program received signal SIGFPE, Arithmetic exception.
0x2b4e9f80 in bn_div_words () from /lib/libcrypto.so.1.0.0
(gdb) bt
#0  0x2b4e9f80 in bn_div_words () from /lib/libcrypto.so.1.0.0
#1  0x2b4d8d24 in BN_div () from /lib/libcrypto.so.1.0.0
#2  0x2b4dfd18 in BN_nnmod () from /lib/libcrypto.so.1.0.0
#3  0x2b4e4770 in BN_mod_inverse () from /lib/libcrypto.so.1.0.0
#4  0x2b4eab60 in BN_MONT_CTX_set () from /lib/libcrypto.so.1.0.0
#5  0x2b4eae98 in BN_MONT_CTX_set_locked () from /lib/libcrypto.so.1.0.0
#6  0x2b5191ac in generate_key () from /lib/libcrypto.so.1.0.0
#7  0x2ae26674 in ikev2_generate_dh (sa=0x2b82bb94, t=0x2be390a8) at /home/vpp/build-data/../src/vnet/ipsec/ikev2_crypto.c:410
#8  0x2ae10268 in ikev2_generate_sa_init_data (sa=0x2b82bb94) at /home/vpp/build-data/../src/vnet/ipsec/ikev2.c:368
#9  0x2ae1a28c in ikev2_node_fn (vm=0x2aba0e40, node=0x2bc75340, frame=0x2bf1a500) at /home/vpp/build-data/../src/vnet/ipsec/ikev2.c:2128
#10 0x2ab1d554 in dispatch_node (vm=0x2aba0e40, node=0x2bc75340, type=VLIB_NODE_TYPE_INTERNAL, dispatch_state=VLIB_NODE_STATE_POLLING, frame=0x2bf1a500, last_time_stamp=1320020664777) at /home/vpp/build-data/../src/vlib/main.c:1016
#11 0x2ab1cfa4 in dispatch_pending_node (vm=0x2aba0e40, p=0x2bea84b4, last_time_stamp=1320020664777) at /home/vpp/build-data/../src/vlib/main.c:1162
#12 0x2ab20a94 in vlib_main_or_worker_loop (vm=0x2aba0e40, is_main=1) at /home/vpp/build-data/../src/vlib/main.c:1618
#13 0x2ab1f8cc in vlib_main_loop (vm=0x2aba0e40) at /home/vpp/build-data/../src/vlib/main.c:1638
#14 0x2ab21fc8 in vlib_main (vm=0x2aba0e40, input=0x2b82bfdc) at /home/vpp/build-data/../src/vlib/main.c:1774
#15 0x2ab71688 in thread0 (arg=716836416) at /home/vpp/build-data/../src/vlib/unix/main.c:507
#16 0x2b2c7e18 in clib_calljmp (func=0x2ab7161c <thread0>, func_arg=716836416, stack=0x2b82c000) at /home/vpp/build-data/../src/vppinfra/mips32_clib_jump.c:24
Backtrace stopped: frame did not save the PC
(gdb)

In addition, my vpp version:

DBGvpp# show version
vpp v17.07-rc0~226-gb5c13fd built by root on ubuntu at Fri May 26 18:07:52 PDT 2017

What should I do to solve the problem?

Thanks,
xyxue

_______________________________________________
vpp-dev mailing list
vpp-dev@lists.fd.io
https://lists.fd.io/mailman/listinfo/vpp-dev