You are using IKEv1, so check RFC 2409 :) It could also be a large packet size issue if you are using certificates - try enabling fragmentation=yes
Sent from mobile device > On Apr 17, 2019, at 11:49, Mathieu Rossignol <[email protected]> > wrote: > > Ok that's noted thx. > > BTW do you have an idea what the STATE_MAIN_I3 state i'm stuck is? I guess > it's the state where you send your PSK key and are waiting for the other part > to authenticate it, but I could not find any doc on this. The IKEv2 RFC does > not mention that neither, nor the libreswan doc > (https://libreswan.org/wiki/Pluto_internals). Would be great to have > somewhere the mapping between internal libreswan states/state machine and the > IKE PDUs spec or something. This would may be give a clue of what's > happening. Even better in my case would potentially be a more explicit > message...don't know.... > >> On 4/17/19 11:37 AM, Tuomo Soini wrote: >> On Wed, 17 Apr 2019 11:21:42 +0200 >> Mathieu Rossignol <[email protected]> wrote: >> >>> Hi Tuomo, >>> >>> Thank you very much for your answer. >>> >>> My last setence was malformed (I meant 'like if the key was invalid') >>> and in fact I also realized in between that when you change the PSK >>> file, you must restart the dameon in order to have it taken into >>> account. With that test (removing the key file), I saw a different >>> behaviour as expected (no suitable key found). I have also requested >>> a contact for the other part (VPN other side) to tell me what's wrong >>> in their logs. Still waiting for an answer. Will follow up if any >>> news. Many thanks. >> You can force rereading psk with command 'ipsec auto --rereadsecrets' >> without need for restart. >> > -- > Mathieu Rossignol > Architecte/Développeur Big Data > > [email protected] | +33 (0)6 63646410 > Hurence SAS > 400 Chemin des Longs Prés > 38660 LUMBIN, France > http://www.hurence.com > <Image1> > _______________________________________________ > Swan mailing list > [email protected] > https://lists.libreswan.org/mailman/listinfo/swan
_______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
