[Swan-dev] please look at test newoe-27-replace-sa-authnull
Paul Wouters
paul at nohats.ca
Mon Jul 23 05:42:12 UTC 2018
On Wed, 18 Jul 2018, D. Hugh Redelmeier wrote:
> It fails with lots of missing XFRMs in road.console.diff
>
> When I look in east.pluto.log, I see this which seems suspicious:
>
> "authenticated"[1] 192.1.3.209 #3: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=aes_gcm_16_256 integ=n/a prf=sha2_512 group=MODP2048}
> "authenticated"[1] 192.1.3.209 #3: Peer ID 'ID_NULL' mismatched on first found connection and no better connection found
> "authenticated"[1] 192.1.3.209 #3: responding to AUTH message (ID 1) from 192.1.3.209:500 with encrypted notification AUTHENTICATION_FAILED
From the description.txt:
A regular authenticated IPsec tunnel is established. Then
the initiator is crashed and restarted, and it is configured
to do authnull. The responder should NOT replace the
authenticated session with the anonymous session.
So that is the expected behaviour :)
Paul