
List:       libreswan
Subject:    Re: [Swan] unhandled id type
From:       Paul Wouters <paul () nohats ! ca>
Date:       2017-11-28 22:00:49
Message-ID: alpine.LRH.2.21.1711281659120.7998 () bofh ! nohats ! ca

On Tue, 28 Nov 2017, Computerisms Corporation wrote:

> I recently reconfigured a system so that I could connect with a Mac to an 
> IKEv2 conn.  That tested as working, and existing windows workstations that 
> were using the system continued working.  I added a new cert and configured a 
> windows laptop today to connect to this same machine.  The machine will 
> report that it is connected, but it is passing no data.  The firewall will 
> report up to certificate verified OK, then it spits out this:
>
> Nov 28 11:57:11 fw-kz pluto[6011]: "rw-ikev2"[1] 50.117.141.6 #1: Unhandled ID type -1: 18446744073709551615??
> Nov 28 11:57:11 fw-kz pluto[6011]: "rw-ikev2"[1] 50.117.141.6 #1: X509: Certificate rejected for this connection
> Nov 28 11:57:11 fw-kz pluto[6011]: "rw-ikev2"[1] 50.117.141.6 #1: X509: CERT payload bogus or revoked

Which version of libreswan is this?

The value -1 is a magic ID value, internal to libreswan and not an RFC
value. It means ID_FROMCERT. This should get expanded to the CERT
received.

If this is a recent version of libreswan, please run ipsec whack --debug-all
then reproduce the issue and mail the logs offlist.

Paul
_______________________________________________
Swan mailing list
Swan@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan