Project

General

Profile

Actions

Bug #9243

closed

IPsec ID type keyid not explicitly set

Added by Christian Merges almost 6 years ago. Updated almost 5 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
IPsec
Target version:
Start date:
01/01/2019
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.4.4_1
Affected Architecture:

Description

Identifier type is set to "Key ID tag" on both sides. Sonicwall says in log: "VPN Policy: Local ID type: KEY ID; Remote ID type: FQDN"

IKEv1 main mode PSK.

Actions #1

Updated by Jim Pingle over 5 years ago

  • Subject changed from IPSec Connection to SonicWall to IPsec ID type keyid not explicitly set
  • Target version set to 2.5.0

In fixing #4811 (and #4792) the prefix was dropped from keyid identifiers, see d44e7dc081d01eb106cbc5d4871a88b683ee3b9e

It looks like the prefix needs to come back, at least as an option. Otherwise it puts the ID in as-is, and strongSwan appears to assume it's an FQDN based on context.

Actions #2

Updated by Jim Pingle about 5 years ago

  • Assignee set to Jim Pingle
Actions #3

Updated by Jim Pingle about 5 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100
Actions #4

Updated by Jim Pingle almost 5 years ago

  • Target version changed from 2.5.0 to 2.4.5
Actions #5

Updated by Jim Pingle almost 5 years ago

  • Status changed from Feedback to Resolved

Keyid now has the appropriate prefix, and works as expected on 2.4.5.a.20191220.0501

    rightid = "keyid:abc123" 

Actions

Also available in: Atom PDF