Actions
Bug #10269
closedMutual PSK IPSec tunnels requiring certificate and thus failing authentication
Status:
Not a Bug
Priority:
Normal
Assignee:
-
Category:
IPsec
Target version:
-
Start date:
02/18/2020
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.4.5
Affected Architecture:
All
Description
Hi,
I've been running the 2.4.5 nightlies since beta at one site and since RC at two.
In the latest nightlies (I think from 18th Feb onwards) my site-to-site IPSec tunnels won't connect either from 2.4.5<->2.4.5 or 2.4.5<->2.4.4. Unless I've misunderstood what's happening, looking into the log files it seems that the 2.4.5 IKE_SA_INIT request/response is including "CERTREQ" and trying to validate certificates despite being configured to be mutual PSK only. I've attached an example log from a 2.4.4 system trying to connect to a 2.4.5 system.
Files
Actions