Hi Tobias,
Hi Alan,
Any ideas what tiggers the GW to include the CERTREQ? I've been playing
with the sendcert attributes but it doesn't seem to help.
Yep, that's the one.
I've fixed the problem and the solution was very surprising, for me at
least.
The problem was due to the location of the conn section in the
ipsec.conf file.
If the conn section immediately follows the default section then it
works as expected, the server includes the CERTREQ in the SA_INIT response.
if, however, there are other conn sections in between then it fails, the
server does *not* include the CERTREQ in the SA_INIT response.
All I did I was move the conn section. It feels like a bug to me.
regards
Alan
---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
