On 03/06/2015 07:46 PM, Paul Wouters wrote:
On Fri, 6 Mar 2015, David Mansfield wrote:
I'm attempting to set up a tunnel using libreswan-3.8-6.el7_0.x86_64
on centos 7.
Can you try the 3.12 build? It came out yesterday for RHEL-7.1, not sure
if Centos has picked it up yet. But it should be an easy rpm recompile
with the newer version (and older patches removed)
It is also possibly you have a wrong PSK.
Most likely the PSK - but I'm still waiting from the partner to confirm
it's been deployed correctly on that end (I've checked my transcription
about 5 times).
I tried with the RPM rebuild (libreswan-3.12-5.el7.centos.x86_64.rpm)
and no real difference there that I can see (as far as - "it's still not
working"). One selinux AVC to worry about but I built a custom policy
and it seems to be running.
If I can find out anything else I'll check back.
Mar 6 13:49:37 ipsec-gateway pluto[3647]: | phase 1 is done,
looking for phase 2 to unpend
So is it possible my phase 2 algorithms don't match? It's computing a
"phase 2 iv" and then decrypting then:
No your phase1 did not come up....
Ok. Good to know.
Thanks,
David
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
