Subject: bin/37644: racoon fails to bring IPv6 connections into phase 2
To: None <gnats-admin@netbsd.org, netbsd-bugs@netbsd.org>
From: None <spz@volans.1st.de>
List: netbsd-bugs
Date: 12/29/2007 16:45:17
>Number: 37644
>Category: bin
>Synopsis: racoon fails to bring IPv6 connections into phase 2
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Dec 29 16:45:17 +0000 2007
>Originator: S.P.Zeidler
>Release: NetBSD 4.99.45
>Organization:
dis-
>Environment:
System: NetBSD volans 4.99.45 NetBSD 4.99.45 (VOLANS) #2: Sat Dec 29 09:36:45 CET 2007 spz@volans:/home/netbsd/src/sys/arch/i386/compile/obj/VOLANS i386
Architecture: i386
Machine: i386
>Description:
racoon fails to bring IPv6 connections into phase 2:
Dec 29 17:03:12 volans racoon: INFO: ISAKMP-SA established 2001:yyyy:yyyy:yyyy:202:2dff:fe87:b210[500]-2001:yyyy:yyyy:yyyy::1[500] spi:zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
Dec 29 17:03:13 volans racoon: INFO: initiate new phase 2 negotiation: 2001:yyyy:yyyy:yyyy:202:2dff:fe87:b210[500]<=>2001:yyyy:yyyy:yyyy::1[500]
Dec 29 16:14:00 volans racoon: ERROR: mismatched IDci was returned.
Dec 29 16:14:00 volans racoon: ERROR: failed to pre-process packet.
Dec 29 16:14:00 volans racoon: ERROR: phase2 negotiation failed.
(yyyy and zzzz have been used as replacement to protect the guilty :-)
It seems the if in isakmp_quick.c lines 585 and 586:
if (cmpsaddrstrict((struct sockaddr *) &proposed_addr,
(struct sockaddr *) &got_addr) == 0) {
is always false for IPv6.
>How-To-Repeat:
build racoon, try to get a v6 session going
>Fix:
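
A log triage aid for the symptom in the Description above, added here as an example: it is not part of the original report, not racoon code, and not a fix. It groups racoon syslog lines per phase 2 attempt and flags attempts where phase 1 succeeded but an IDci mismatch followed; the sample log is constructed from the message texts quoted in the report, and the addresses, SPI placeholder and function names are assumptions.

```python
import ipaddress
import re

# Constructed sample modelled on the messages quoted in the report
# (documentation-prefix addresses, placeholder SPI; not real traffic).
SAMPLE_LOG = """\
Dec 29 17:03:12 volans racoon: INFO: ISAKMP-SA established 2001:db8::b210[500]-2001:db8::1[500] spi:SPI_PLACEHOLDER
Dec 29 17:03:13 volans racoon: INFO: initiate new phase 2 negotiation: 2001:db8::b210[500]<=>2001:db8::1[500]
Dec 29 17:03:13 volans racoon: ERROR: mismatched IDci was returned.
Dec 29 17:03:13 volans racoon: ERROR: failed to pre-process packet.
Dec 29 17:03:13 volans racoon: ERROR: phase2 negotiation failed.
Dec 29 17:05:40 volans racoon: INFO: ISAKMP-SA established 192.0.2.10[500]-192.0.2.1[500] spi:SPI_PLACEHOLDER
Dec 29 17:05:41 volans racoon: INFO: initiate new phase 2 negotiation: 192.0.2.10[500]<=>192.0.2.1[500]
"""

MSG = re.compile(r"racoon: (INFO|ERROR): (.*)$")
# Matches "addr[port]-addr[port]" and "addr[port]<=>addr[port]".
PEERS = re.compile(r"(\S+)\[(\d+)\](?:-|<=>)(\S+)\[(\d+)\]")


def triage(log_text):
    """Return one record per phase 2 attempt, with the errors that followed it."""
    attempts, phase1, current = [], set(), None
    for line in log_text.splitlines():
        m = MSG.search(line)
        if not m:
            continue
        level, text = m.groups()
        p = PEERS.search(text)
        if level == "INFO" and p and text.startswith("ISAKMP-SA established"):
            phase1.add((p.group(1), p.group(3)))
        elif level == "INFO" and p and text.startswith("initiate new phase 2"):
            local, remote = p.group(1), p.group(3)
            current = {"local": local, "remote": remote,
                       "family": "IPv%d" % ipaddress.ip_address(remote).version,
                       "phase1_ok": (local, remote) in phase1, "errors": []}
            attempts.append(current)
        elif level == "ERROR" and current is not None:
            # racoon's error lines carry no peer address; attribute them to
            # the most recent phase 2 initiation (assumes one active peer).
            current["errors"].append(text)
    return attempts


def idci_mismatches(attempts):
    """Attempts where phase 1 was up but phase 2 died on an IDci mismatch."""
    return [a for a in attempts if a["phase1_ok"]
            and any("mismatched IDci" in e for e in a["errors"])]
```

Grouping the flagged attempts by their `family` field shows whether the failure is confined to IPv6 peers, as the report describes.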