Hi,
I hit two problems after upgrading to 5.2.
System on both sides is a Debian wheezy 64. Strongswan compiled with:
[client]
./configure --prefix=/usr --sysconfdir=/etc --enable-blowfish
--enable-curl --enable-openssl --disable-ikev1 --enable-ntru
[gateway]
./configure --prefix=/usr --sysconfdir=/etc --enable-blowfish
--enable-curl --enable-eap-radius --enable-ha --enable-openssl
--enable-xauth-eap --enable-eap-mschapv2 --enable-eap-identity
--enable-sql --enable-attr-sql --enable-sqlite --enable-xauth-noauth
--enable-ntru
1. I get this error on both systems after upgrade:
ipsec_starter[3318]: notifying watcher failed: Broken pipe
2. I had to roll back to 5.1.3 on the gateway because I couldn't
connect from other linux IKEv2 clients which authenticate via X.509
certificates.
I got: no trusted RSA public key found for NAME
On the other side IKEv1 connections from Mac/iOS with certificates and
IKEv2 connections from Windows clients with eap-mschapv2 had no
problems.
(No Win7 Client with IKEv2 and X509 certificates try to connect that
time)
As the gateway is in productive use I coudn't debug the problem for
long.
I have a second server with the same configuration that I can use to
dig deeper into the problem. What further information would you need,
what debug levels should I use?
All the while the gateway is back on 5.1.3 while my home client is
still on 5.2 and can connect despite the Broken Pipe error.
Best Regards
Dirk
_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users