Bug #10269

closed

Mutual PSK IPSec tunnels requiring certificate and thus failing authentication

Added by Chris Sutcliff almost 5 years ago. Updated almost 5 years ago.

Status: Not a Bug
Priority: Normal
Assignee: -
Category: IPsec
Target version: -
Start date: 02/18/2020
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.4.5
Affected Architecture: All

Description

Hi,

I've been running the 2.4.5 nightlies since beta at one site and since RC at two.

In the latest nightlies (I think from 18th Feb onwards) my site-to-site IPSec tunnels won't connect either from 2.4.5<->2.4.5 or 2.4.5<->2.4.4. Unless I've misunderstood what's happening, looking into the log files it seems that the 2.4.5 IKE_SA_INIT request/response is including "CERTREQ" and trying to validate certificates despite being configured to be mutual PSK only. I've attached an example log from a 2.4.4 system trying to connect to a 2.4.5 system.


Files

ipsec fail.txt (1.89 KB), Chris Sutcliff, 02/19/2020 03:19 AM