Hi,
I’m using PSK.
My configuration:
conn tunnel8-aggr
aggrmode=yes
also=tunnel8
conn tunnel8
pfs=no
type=tunnel
auto=add
ikev2=no
phase2=esp
authby=secret
keyingtries=3
ikelifetime=24h
salifetime=1h
left=92.211.123.17
leftsubnet=0.0.0.0/0
[email protected] <mailto:[email protected]>
right=%any
rightid=%any
rightaddresspool=192.168.20.100-192.168.20.254
dpddelay=30
dpdtimeout=300
dpdaction=clear
leftxauthserver=yes
rightxauthclient=yes
leftmodecfgserver=yes
rightmodecfgclient=yes
modecfgpull=yes
fragmentation=yes
Putting extra debug now.
--
Saludos / Regards / Cumprimentos
António Silva
> On 23 Jan 2021, at 16:19, Paul Wouters <[email protected]> wrote:
>
> I see:
>
> Jan 22 17:34:54 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #10: ignoring
> informational payload CERTIFICATE_UNAVAILABLE, msgid=00000000, length=12
> Jan 22 17:34:54 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #10: received
> and ignored notification payload: CERTIFICATE_UNAVAILABLE
>
> Why can’t it find a cert doing rekey ? Are you using certs or psk ?
>
> Maybe run with extra debugging and see if we sent a CERT payload in the
> initial response and not in the rekey reply ?
>
>
>
>
>
> Sent from my iPhone
>
>> On Jan 22, 2021, at 12:32, António Silva <[email protected]> wrote:
>>
>> Jan 22 17:34:54 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #10: ignoring
>> informational payload CERTIFICATE_UNAVAILABLE, msgid=00000000, length=12
>> Jan 22 17:34:54 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #10: received
>> and ignored notification payload: CERTIFICATE_UNAVAILABLE
>
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
