Project

General

Profile

Actions

Bug #10269

closed

Mutual PSK IPSec tunnels requiring certificate and thus failing authentication

Added by Chris Sutcliff over 4 years ago. Updated over 4 years ago.

Status:
Not a Bug
Priority:
Normal
Assignee:
-
Category:
IPsec
Target version:
-
Start date:
02/18/2020
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.4.5
Affected Architecture:
All

Description

Hi,

I've been running the 2.4.5 nightlies since beta at one site and since RC at two.

In the latest nightlies (I think from 18th Feb onwards) my site-to-site IPSec tunnels won't connect either from 2.4.5<->2.4.5 or 2.4.5<->2.4.4. Unless I've misunderstood what's happening, looking into the log files it seems that the 2.4.5 IKE_SA_INIT request/response is including "CERTREQ" and trying to validate certificates despite being configured to be mutual PSK only. I've attached an example log from a 2.4.4 system trying to connect to a 2.4.5 system.


Files

ipsec fail.txt (1.89 KB) ipsec fail.txt Chris Sutcliff, 02/19/2020 03:19 AM
Actions #1

Updated by Jim Pingle over 4 years ago

  • Status changed from New to Not a Bug

I have several PSK-only tunnels on 2.4.5 and 2.5.0 that work without error. Post on the forum for help in diagnosing what might be going on with your config/environment. For example, it may be that the IDs do not match and it's falling through to a mobile config.

Actions

Also available in: Atom PDF