Ok that's noted thx.
BTW do you have an idea what the STATE_MAIN_I3 state i'm stuck is? I
guess it's the state where you send your PSK key and are waiting for the
other part to authenticate it, but I could not find any doc on this. The
IKEv2 RFC does not mention that neither, nor the libreswan doc
(https://libreswan.org/wiki/Pluto_internals). Would be great to have
somewhere the mapping between internal libreswan states/state machine
and the IKE PDUs spec or something. This would may be give a clue of
what's happening. Even better in my case would potentially be a more
explicit message...don't know....
On 4/17/19 11:37 AM, Tuomo Soini wrote:
On Wed, 17 Apr 2019 11:21:42 +0200
Mathieu Rossignol <[email protected]> wrote:
Hi Tuomo,
Thank you very much for your answer.
My last setence was malformed (I meant 'like if the key was invalid')
and in fact I also realized in between that when you change the PSK
file, you must restart the dameon in order to have it taken into
account. With that test (removing the key file), I saw a different
behaviour as expected (no suitable key found). I have also requested
a contact for the other part (VPN other side) to tell me what's wrong
in their logs. Still waiting for an answer. Will follow up if any
news. Many thanks.
You can force rereading psk with command 'ipsec auto --rereadsecrets'
without need for restart.
--
*Mathieu Rossignol*
*Architecte/Développeur Big Data*
[email protected] <mailto:[email protected]> |
+33 (0)6 63646410
*Hurence SAS*
400 Chemin des Longs Prés
38660 LUMBIN, France
http://www.hurence.com <http://www.hurence.com/>
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
