On Thu, 4 Oct 2018, Alex wrote:
I realized I only sent this to you directly last time. I'm still
having trouble and hoped someone could help.
The config file you posted used leftckaid= and you said you copied it to both
sides, which wouldn’t work. Can you confirm you are trying only with
leftrsasigkey and rightrsasigkey? If that still fails, send me output using
plutodebug=all and fresh certutil / showhostkey output.
Yes, I used leftrsasigkey and rightrsasigkey, not the ckaid settings.
Both failed, but now I at least understand why the ckaid settings
failed, after your explanation.
I've attached the logs from the last few minutes after "ipsec start;
ipsec auto --add mytunnel; ipsec auto --up mytunnel" on both sides.
I've also attached the "ipsec status" output from both sides. I've
also attached the current ipsec.conf used on both sides.
Run ipsec whack --listpubkeys on both ends and confirm you have the
proper keys configured?
If not using identical ipsec.conf files on both ends, ensure that you
did not accidentally swap the two keys on one end? Because if you
really only have two keys and libreswan tried the wrong key, that's
the only thing that could have happened, since there would only be
one other key that could be the wrong one which is their own key.
Paul