Bug #10269
Closed
Mutual PSK IPSec tunnels requiring certificate and thus failing authentication
Description
Hi,
I've been running the 2.4.5 nightlies since beta at one site and since RC at two.
In the latest nightlies (I think from 18th Feb onwards) my site-to-site IPSec tunnels won't connect either from 2.4.5<->2.4.5 or 2.4.5<->2.4.4. Unless I've misunderstood what's happening, looking into the log files it seems that the 2.4.5 IKE_SA_INIT request/response is including "CERTREQ" and trying to validate certificates despite being configured to be mutual PSK only. I've attached an example log from a 2.4.4 system trying to connect to a 2.4.5 system.
Updated by Jim Pingle almost 5 years ago
- Status changed from New to Not a Bug
I have several PSK-only tunnels on 2.4.5 and 2.5.0 that work without error. Post on the forum for help in diagnosing what might be going on with your config/environment. For example, it may be that the IDs do not match and it's falling through to a mobile config.