[Swan] unhandled id type
Paul Wouters
paul at nohats.ca
Tue Nov 28 22:00:49 UTC 2017
On Tue, 28 Nov 2017, Computerisms Corporation wrote:
> I recently reconfigured a system so that I could connect with a Mac to an
> IKEv2 conn. That tested as working, and existing windows workstations that
> were using the system continued working. I added a new cert and configured a
> windows laptop today to connect to this same machine. The machine will
> report that it is connected, but it is passing no data. The firewall will
> report up to certificate verified OK, then it spits out this:
>
> Nov 28 11:57:11 fw-kz pluto[6011]: "rw-ikev2"[1] 50.117.141.6 #1: Unhandled
> ID type -1: 18446744073709551615??
> Nov 28 11:57:11 fw-kz pluto[6011]: "rw-ikev2"[1] 50.117.141.6 #1: X509:
> Certificate rejected for this connection
> Nov 28 11:57:11 fw-kz pluto[6011]: "rw-ikev2"[1] 50.117.141.6 #1: X509: CERT
> payload bogus or revoked
Which version of libreswan is this?
The value -1 is a magic ID value, internal to libreswan and not an RFC
value. It means ID_FROMCERT. This should get expanded to the CERT
received.
If this is a recent version of libreswan, please run ipsec whack --debug-all
then reproduce the issue and mail the logs offlist.
Paul
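An added illustration, not libreswan's own code, of the failure mode Paul describes above: an internal sentinel ID type (modelled here as ID_FROMCERT = -1, a name borrowed from the mail; the surrounding functions, struct fields and DN strings are constructed for this example) is meant to be expanded into the identity carried by the peer's verified certificate, but reaches the ID-matching code unexpanded and falls into the "unhandled" branch. The RFC 7296 ID type numbers are real. The example also shows why the log can print -1 next to 18446744073709551615: that number is the same -1 after conversion to an unsigned 64-bit integer, 2^64 - 1.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* IKEv2 Identification payload ID types (RFC 7296, section 3.5). */
enum ike_id_type {
    ID_IPV4_ADDR   = 1,
    ID_FQDN        = 2,
    ID_RFC822_ADDR = 3,
    ID_IPV6_ADDR   = 5,
    ID_DER_ASN1_DN = 9,
    ID_KEY_ID      = 11,
    /* Hypothetical internal sentinel, modelled on the mail's description of
     * libreswan's ID_FROMCERT: "use the identity from the peer's certificate".
     * It is never a wire value and must be expanded before any matching. */
    ID_FROMCERT    = -1,
};

/* Fields of a verified peer certificate (constructed for the example). */
struct peer_cert {
    const char *subject_dn;     /* e.g. "C=CA, O=Example, CN=laptop" */
    const char *san_dns_name;   /* subjectAltName dNSName, may be NULL */
};

struct peer_id {
    enum ike_id_type type;
    const char *value;
};

/* Format an ID type in the shape the log line in the mail shows: the value
 * once as a signed int and once after conversion to an unsigned 64-bit
 * integer. For -1 the second form is 2^64 - 1 = 18446744073709551615. */
int format_id_type(char *buf, size_t len, enum ike_id_type t)
{
    return snprintf(buf, len, "%d: %" PRIu64, (int)t, (uint64_t)(int64_t)t);
}

/* Matching that only understands wire ID types. Returns 1 on a match, 0 on
 * a mismatch, and -1 for a type it does not handle. A sentinel such as
 * ID_FROMCERT that reaches this function unexpanded lands in the default
 * branch: the "Unhandled ID type -1" situation from the mail. */
int match_wire_id(const struct peer_id *id, const struct peer_cert *cert)
{
    switch (id->type) {
    case ID_DER_ASN1_DN:
        return strcmp(id->value, cert->subject_dn) == 0;
    case ID_FQDN:
        return cert->san_dns_name != NULL &&
               strcmp(id->value, cert->san_dns_name) == 0;
    default:
        return -1;
    }
}

/* Expand the sentinel into a concrete DN taken from the verified certificate.
 * Returns 0 when there is no certificate to take an identity from. */
int resolve_id(struct peer_id *id, const struct peer_cert *cert)
{
    if (id->type == ID_FROMCERT) {
        if (cert == NULL || cert->subject_dn == NULL)
            return 0;
        id->type  = ID_DER_ASN1_DN;
        id->value = cert->subject_dn;
    }
    return 1;
}

/* Correct order: resolve first, then match. Returns 1 only on a real match. */
int match_peer_id(struct peer_id id, const struct peer_cert *cert)
{
    if (!resolve_id(&id, cert))
        return 0;
    return match_wire_id(&id, cert) == 1;
}

int main(void)
{
    struct peer_cert cert = { "C=CA, O=Example, CN=laptop", "laptop.example.com" };
    struct peer_id fromcert = { ID_FROMCERT, NULL };
    char buf[64];

    format_id_type(buf, sizeof buf, ID_FROMCERT);
    printf("Unhandled ID type %s\n", buf);
    printf("unexpanded: %d\n", match_wire_id(&fromcert, &cert));
    printf("resolved:   %d\n", match_peer_id(fromcert, &cert));
    return 0;
}
```

The point for a practitioner is the ordering: anything that can carry the sentinel must pass through resolve_id before it reaches code that dispatches on wire ID types, and a -1 (or its unsigned twin, 18446744073709551615) in an "unhandled ID type" message is the signature of that expansion having been skipped or having failed.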