On Mon, 25 Jan 2021, Kontakt wrote:
what about my case? ;) I have no certificate and also disconnects - I have PSK.
Please set ikelifetime=24h as well? This is the default value in libreswan 4.2 (which is pending release).

Paul
Mon, 25 Jan 2021 at 16:05 Paul Wouters <[email protected]> wrote:

On Mon, 25 Jan 2021, António Silva wrote:

> I’m using PSK.
> Putting extra debug now.

If you are using PSK then the error CERTIFICATE_UNAVAILABLE from the remote peer makes no sense whatsoever. RFC 2408 states:

3. Process the Certificate Request. If a requested Certificate Type with the specified Certificate Authority is not available, then the payload is discarded and the following actions are taken:

(a) The event, CERTIFICATE-UNAVAILABLE, MAY be logged in the appropriate system audit file.

(b) An Informational Exchange with a Notification payload containing the CERTIFICATE-UNAVAILABLE message type MAY be sent to the transmitting entity. This action is dictated by a system security policy.

I guess your debugging will show if libreswan sent any CERT or CERTREQ payload that might have confused the other end?

Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
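The check suggested in the thread (did either side send a CERT or CERTREQ payload, and did a CERTIFICATE-UNAVAILABLE notification come back) can also be made on a captured datagram. The Python below is an added example, not part of the thread or of libreswan: it walks the payload chain of a cleartext ISAKMP (RFC 2408) message and reports those payloads. The function names and the two sample messages are constructed for illustration.

```python
import struct

# Payload type numbers from RFC 2408 section 3.1.
PAYLOAD_NAMES = {1: "SA", 4: "KE", 5: "ID", 6: "CERT", 7: "CERTREQ", 8: "HASH",
                 9: "SIG", 10: "NONCE", 11: "NOTIFY", 12: "DELETE", 13: "VID"}
CERTIFICATE_UNAVAILABLE = 28  # notify message type, RFC 2408 section 3.14.1
FLAG_ENCRYPTED = 0x01

def walk_payloads(msg: bytes):
    """Return [(payload_name, body_bytes)] for a cleartext ISAKMP message."""
    if len(msg) < 28:
        raise ValueError("shorter than the 28-byte ISAKMP header")
    next_type, _ver, _xchg, flags, _msgid, total = struct.unpack_from("!BBBBII", msg, 16)
    if flags & FLAG_ENCRYPTED:
        raise ValueError("payloads are encrypted; use the daemon's debug log instead")
    if total != len(msg):
        raise ValueError("header length does not match datagram size")
    out, off = [], 28
    while next_type != 0:
        if off + 4 > total:
            raise ValueError("truncated payload header")
        following, _rsvd, plen = struct.unpack_from("!BBH", msg, off)
        if plen < 4 or off + plen > total:
            raise ValueError("bad payload length")
        out.append((PAYLOAD_NAMES.get(next_type, str(next_type)), msg[off + 4:off + plen]))
        next_type, off = following, off + plen
    return out

def cert_findings(msg: bytes):
    """List CERT/CERTREQ payloads and CERTIFICATE-UNAVAILABLE notifications."""
    found = []
    for name, body in walk_payloads(msg):
        if name in ("CERT", "CERTREQ"):
            found.append(name)
        elif name == "NOTIFY" and len(body) >= 8:
            # body layout: DOI(4) protocol-id(1) SPI-size(1) notify-type(2)
            if struct.unpack_from("!H", body, 6)[0] == CERTIFICATE_UNAVAILABLE:
                found.append("NOTIFY:CERTIFICATE-UNAVAILABLE")
    return found

def build(first_type, payloads, flags=0, xchg=2):
    """Construct a sample message from [(next_type, body)] (test data only)."""
    body = b"".join(struct.pack("!BBH", nxt, 0, 4 + len(b)) + b for nxt, b in payloads)
    hdr = bytes(16) + struct.pack("!BBBBII", first_type, 0x10, xchg, flags, 0, 28 + len(body))
    return hdr + body

# Constructed samples: KE + NONCE + CERTREQ, and an Informational notify.
SAMPLE_MM3 = build(4, [(10, bytes(8)), (7, bytes(8)), (0, b"\x04")])
SAMPLE_INFO = build(11, [(0, struct.pack("!IBBH", 1, 1, 0, 28))], xchg=5)
```

Messages with the encryption flag set are rejected rather than guessed at, so for those exchanges the daemon's own debug output remains the source of truth.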
