Greetings fellow list dwellers,

> Alternatively, you could try to generate a certificate for this device
> with a smaller RSA key (eg 1024) and see if that would (temporarily)
> work around it.
Turned out this was the correct path to a fix, but I didn't see it till I did a verbose tcpdump. The cert with the 1024 bit key was still too big, so I made another cert with an 800 bit key, and that succeeded in connecting.

I am curious as to how one identifies what is causing this. When I saw it in the tcpdump, it was giving an error like

len mismatch: isakmp 1532/ip 1468

when I was using the 1024 key, which makes me think I am not receiving fragmented packets. Yet when I set the tablet as a hotspot and connect with a Windows machine through it, I can connect with a 4096 bit cert, and when connecting with the tablet through a non-LTE network, the 4096 key works on the tablet too, so surely things are fragmenting?

So is this problem a function of the tablet, the firewall, or something in between?

_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
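Added example, not part of the original message and not libreswan code: a small Python helper that reads the `len mismatch: isakmp X/ip Y` note from a verbose tcpdump line and works out how large the whole IP datagram would have been and how large the packet the capture actually saw was. It assumes IPv4 without options, that `NONESP-encap` in the line means NAT-T on UDP 4500 (4-byte non-ESP marker), and the sample lines and addresses are constructed.

```python
import re

IP_HDR = 20          # assumption: IPv4 header without options
UDP_HDR = 8
NON_ESP_MARKER = 4   # RFC 3948 marker that precedes IKE on UDP 4500

MISMATCH = re.compile(r"len mismatch: isakmp (\d+)/ip (\d+)")

# Constructed sample lines (documentation addresses), modelled on the post.
SAMPLE_NATT = ("IP 203.0.113.10.4500 > 198.51.100.5.4500: NONESP-encap: "
               "isakmp 2.0 msgid 00000001: child_sa ikev2_auth[I] "
               "(len mismatch: isakmp 1532/ip 1468)")
SAMPLE_OK = "IP 203.0.113.10.500 > 198.51.100.5.500: isakmp 2.0 msgid 00000000"


def analyse(line, common_mtus=(1500, 1492, 1400, 1280)):
    """Return size facts for a 'len mismatch' line, or None if there is none."""
    m = MISMATCH.search(line)
    if not m:
        return None
    declared, seen = int(m.group(1)), int(m.group(2))
    nat_t = "NONESP-encap" in line
    overhead = UDP_HDR + (NON_ESP_MARKER if nat_t else 0)
    full = IP_HDR + overhead + declared      # unfragmented IP datagram size
    captured = IP_HDR + overhead + seen      # IP packet the capture point saw
    return {
        "declared_ike_len": declared,
        "visible_ike_len": seen,
        "nat_t": nat_t,
        "full_datagram": full,
        "captured_packet": captured,
        "missing_bytes": declared - seen,
        # A captured size equal to a common MTU is consistent with this
        # being only the first IP fragment of a larger datagram.
        "matches_mtu": captured if captured in common_mtus else None,
    }


if __name__ == "__main__":
    for line in (SAMPLE_NATT, SAMPLE_OK):
        print(analyse(line))
```

For the numbers in the post the captured packet comes out at exactly 1500 bytes with 64 bytes of IKE message unaccounted for, so the next thing to look for in the capture is a second packet with the same IP id and a non-zero fragment offset.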
