List: libreswan
Subject: Re: [Swan] unhandled id type
From: Paul Wouters <paul () nohats ! ca>
Date: 2017-11-28 22:00:49
Message-ID: alpine.LRH.2.21.1711281659120.7998 () bofh ! nohats ! ca
On Tue, 28 Nov 2017, Computerisms Corporation wrote:
> I recently reconfigured a system so that I could connect with a Mac to an
> IKEv2 conn. That tested as working, and existing windows workstations that
> were using the system continued working. I added a new cert and configured a
> windows laptop today to connect to this same machine. The machine will
> report that it is connected, but it is passing no data. The firewall will
> report up to certificate verified OK, then it spits out this:
>
> Nov 28 11:57:11 fw-kz pluto[6011]: "rw-ikev2"[1] 50.117.141.6 #1: Unhandled
> ID type -1: 18446744073709551615??
> Nov 28 11:57:11 fw-kz pluto[6011]: "rw-ikev2"[1] 50.117.141.6 #1: X509:
> Certificate rejected for this connection
> Nov 28 11:57:11 fw-kz pluto[6011]: "rw-ikev2"[1] 50.117.141.6 #1: X509: CERT
> payload bogus or revoked

Which version of libreswan is this?

The value -1 is a magic ID value, internal to libreswan and not an RFC
value. It means ID_FROMCERT. This should get expanded to the CERT
received.

If this is a recent version of libreswan, please run ipsec whack --debug-all
then reproduce the issue and mail the logs offlist.

Paul
_______________________________________________
Swan mailing list
Swan@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan