On Tue, 28 Nov 2017, Computerisms Corporation wrote:
I recently reconfigured a system so that I could connect with a Mac to an
IKEv2 conn. That tested as working, and existing Windows workstations that
were using the system continued working. I added a new cert and configured a
Windows laptop today to connect to this same machine. The machine will
report that it is connected, but it is passing no data. The firewall will
report up to certificate verified OK, then it spits out this:
Nov 28 11:57:11 fw-kz pluto[6011]: "rw-ikev2"[1] 50.117.141.6 #1: Unhandled ID type -1: 18446744073709551615??
Nov 28 11:57:11 fw-kz pluto[6011]: "rw-ikev2"[1] 50.117.141.6 #1: X509: Certificate rejected for this connection
Nov 28 11:57:11 fw-kz pluto[6011]: "rw-ikev2"[1] 50.117.141.6 #1: X509: CERT payload bogus or revoked
Which version of libreswan is this?
The value -1 is a magic ID value, internal to libreswan and not an RFC
value. It means ID_FROMCERT. This should get expanded to the CERT
received.
If this is a recent version of libreswan, please run ipsec whack --debug-all
then reproduce the issue and mail the logs offlist.
Paul
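As an added example (not code from this thread or from libreswan), a small Python checker that parses pluto log lines in the format quoted above and flags peers whose IKE SA hit the ID_FROMCERT placeholder (-1, printed by pluto as the unsigned 64-bit value 18446744073709551615) and was then rejected; the sample log is constructed from the reported lines plus a hypothetical healthy peer (198.51.100.7) whose "verified OK" message wording is assumed.

```python
import re
from collections import defaultdict

# Constructed sample: the three pluto lines from the report, plus one
# hypothetical peer that authenticated normally (message text assumed).
SAMPLE_LOG = """\
Nov 28 11:57:11 fw-kz pluto[6011]: "rw-ikev2"[1] 50.117.141.6 #1: Unhandled ID type -1: 18446744073709551615??
Nov 28 11:57:11 fw-kz pluto[6011]: "rw-ikev2"[1] 50.117.141.6 #1: X509: Certificate rejected for this connection
Nov 28 11:57:11 fw-kz pluto[6011]: "rw-ikev2"[1] 50.117.141.6 #1: X509: CERT payload bogus or revoked
Nov 28 11:58:02 fw-kz pluto[6011]: "rw-ikev2"[2] 198.51.100.7 #2: X509: Certificate verified OK
"""

# syslog timestamp, host, pluto[pid], "conn"[instance] peer #sa: message
LINE_RE = re.compile(
    r'^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) pluto\[(?P<pid>\d+)\]: '
    r'"(?P<conn>[^"]+)"(?:\[(?P<inst>\d+)\])? (?P<peer>[\d.]+) #(?P<sa>\d+): (?P<msg>.*)$'
)
UNHANDLED_RE = re.compile(r'Unhandled ID type (?P<id>-?\d+): (?P<raw>\d+)')


def to_signed64(value: int) -> int:
    """Reinterpret an unsigned 64-bit print of a C int as signed
    (18446744073709551615 -> -1, the internal ID_FROMCERT marker)."""
    return value - (1 << 64) if value >= (1 << 63) else value


def parse_line(line: str):
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def find_unexpanded_fromcert(log_text: str) -> dict:
    """Return {(peer, sa): [messages]} for SAs that logged 'Unhandled ID type -1'
    and were then rejected, i.e. ID_FROMCERT was never replaced by the cert ID."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            events[(rec['peer'], int(rec['sa']))].append(rec['msg'])
    findings = {}
    for key, msgs in events.items():
        hits = [u for u in (UNHANDLED_RE.search(m) for m in msgs) if u]
        rejected = any('CERT payload bogus or revoked' in m for m in msgs)
        if rejected and any(to_signed64(int(u.group('raw'))) == -1 for u in hits):
            findings[key] = msgs
    return findings


if __name__ == "__main__":
    for (peer, sa), msgs in find_unexpanded_fromcert(SAMPLE_LOG).items():
        print(f"{peer} #{sa}: ID_FROMCERT not expanded, {len(msgs)} related messages")
```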
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan