[Swan-dev] please look at test newoe-27-replace-sa-authnull

Paul Wouters paul at nohats.ca
Mon Jul 23 05:42:12 UTC 2018

On Wed, 18 Jul 2018, D. Hugh Redelmeier wrote:

> It fails with lots of missing XFRMs in road.console.diff
> When I look in east.pluto.log, I see this which seems suspicious:
> "authenticated"[1] #3: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=aes_gcm_16_256 integ=n/a prf=sha2_512 group=MODP2048}
> "authenticated"[1] #3: Peer ID 'ID_NULL' mismatched on first found connection and no better connection found
> "authenticated"[1] #3: responding to AUTH message (ID 1) from with encrypted notification AUTHENTICATION_FAILED

>From the description.txt:

 	A regular authenticated IPsec tunnel, is established. Then
 	the initiator is crashed and restarted, and it is configured
 	to do authnull. The responder should NOT replace the
 	authenticated session with the anonymous session.

So that is the expected behaviour :)


More information about the Swan-dev mailing list