[Swan] Libreswan 3.3.0 breakage
jcrisp at safeandsoundit.co.uk
Mon Feb 17 16:32:28 UTC 2020
Well I thought I'd test. Just as well.
No changes to my confs. Just updated libreswan and tried to reconnect:
No acceptable ECDSA/RSA-PSS ASN.1 signature hash proposal included for
rsasig in I2 Auth Payload
responding to IKE_AUTH message (ID 1) from 22.214.171.124:4500 with encrypted
encountered fatal error in state STATE_PARENT_R1
Tried all the encryption combinations I can find on my Endian box and
Then I tried my ipsec l2tpd transport and that failed as well:
responding to Main Mode from unknown peer 126.96.36.199:46309
OAKLEY_GROUP 2 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
OAKLEY_DES_CBC(UNUSED) is not supported. Attribute
There is one drawback in increasing security levels. If people can't
make it work, they'll just stick to the older insecure versions.
And that helps no one really.
So the question is how can I make my existing stuff work, or do I just
have to revert to 3.29 ?
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 488 bytes
Desc: OpenPGP digital signature
More information about the Swan