Testing offloading of AUTH on the initiator (vs the responder where much of this is hidden) turned up an interesting logging change, consider this log:
-002 "westnet-eastnet-ikev2" #2: certificate verified OK: [email protected],... +002 "westnet-eastnet-ikev2" #1: certificate verified OK: [email protected],... previously the authentication log message was attributed to the CHILD SA (I think this was wrong) but with offloading it (I think correctly) attributed to the IKE SA. It happens because the offloaded AUTH code only has the IKE SA's logging context (and I see no point in dragging over the CHILD SAs context when it's wrong). Andrew _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
