Well I thought I'd test. Just as well. No changes to my confs. Just updated libreswan and tried to reconnect:
First failure: No acceptable ECDSA/RSA-PSS ASN.1 signature hash proposal included for rsasig in I2 Auth Payload responding to IKE_AUTH message (ID 1) from 1.2.3.4:4500 with encrypted notification AUTHENTICATION_FAILED encountered fatal error in state STATE_PARENT_R1 Tried all the encryption combinations I can find on my Endian box and none work. Then I tried my ipsec l2tpd transport and that failed as well: responding to Main Mode from unknown peer 213.4.186.104:46309 OAKLEY_GROUP 2 not supported. Attribute OAKLEY_GROUP_DESCRIPTION OAKLEY_DES_CBC(UNUSED) is not supported. Attribute OAKLEY_ENCRYPTION_ALGORITHM There is one drawback in increasing security levels. If people can't make it work, they'll just stick to the older insecure versions. And that helps no one really. So the question is how can I make my existing stuff work, or do I just have to revert to 3.29 ? B. Rgds John
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
