[Swan-dev] ikev2-x509-05-san-firstemail-match and more
paul at nohats.ca
Sun Feb 3 03:14:08 UTC 2019
On Sat, 2 Feb 2019, D. Hugh Redelmeier wrote:
> Subject: [Swan-dev] ikev2-x509-05-san-firstemail-match and more
> These failed for me last night, in the same way. Failed so badly that the
> status was "unresolved". Mostly because the output seemed truncated.
> 224 "san" #2: STATE_PARENT_I2: v2N_AUTHENTICATION_FAILED
> -002 "san" #2: deleting other state #2 (STATE_PARENT_I2) and NOT sending notification
> +002 "san" #2: deleting state (STATE_PARENT_I2) and NOT sending notification
> +002 "san" #3: initiating v2 parent SA to replace #1
> +133 "san" #3: STATE_PARENT_I0: initiate, replacing #1
> Is this intentional? If so, the reference logs need to be updated.
No. And it is a recent bug. What it should do after deleting state and
before initiating v2 parent SA, is tell you it will rekey in background
and release the whack.
More information about the Swan-dev