[Swan-dev] attributing IKE problems to the IKE SA
Paul Wouters
paul at nohats.ca
Wed Mar 4 15:54:45 UTC 2020
On Tue, 3 Mar 2020, Andrew Cagney wrote:
> Testing offloading of AUTH on the initiator (vs the responder where
> much of this is hidden) turned up an interesting logging change,
> consider this log:
>
> -002 "westnet-eastnet-ikev2" #2: certificate verified OK:
> E=user-east at testing.libreswan.org,...
> +002 "westnet-eastnet-ikev2" #1: certificate verified OK:
> E=user-east at testing.libreswan.org,...
That seems more correct. The logging should really be with the IKE SA
and not the IPsec SA.
Paul
More information about the Swan-dev
mailing list