[Swan] disconnect after 3600s
António Silva
asilva at wirelessmundi.com
Mon Jan 25 09:31:02 UTC 2021
Hi,
I’m using PSK.
My configuration:
conn tunnel8-aggr
aggrmode=yes
also=tunnel8
conn tunnel8
pfs=no
type=tunnel
auto=add
ikev2=no
phase2=esp
authby=secret
keyingtries=3
ikelifetime=24h
salifetime=1h
left=92.211.123.17
leftsubnet=0.0.0.0/0
leftid=@xauth.remote.local <mailto:leftid=@xauth.remote.local>
right=%any
rightid=%any
rightaddresspool=192.168.20.100-192.168.20.254
dpddelay=30
dpdtimeout=300
dpdaction=clear
leftxauthserver=yes
rightxauthclient=yes
leftmodecfgserver=yes
rightmodecfgclient=yes
modecfgpull=yes
fragmentation=yes
Putting extra debug now.
--
Saludos / Regards / Cumprimentos
António Silva
> On 23 Jan 2021, at 16:19, Paul Wouters <paul at nohats.ca> wrote:
>
> I see:
>
> Jan 22 17:34:54 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #10: ignoring informational payload CERTIFICATE_UNAVAILABLE, msgid=00000000, length=12
> Jan 22 17:34:54 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #10: received and ignored notification payload: CERTIFICATE_UNAVAILABLE
>
> Why can’t it find a cert doing rekey ? Are you using certs or psk ?
>
> Maybe run with extra debugging and see if we sent a CERT payload in the initial response and not in the rekey reply ?
>
>
>
>
>
> Sent from my iPhone
>
>> On Jan 22, 2021, at 12:32, António Silva <asilva at wirelessmundi.com> wrote:
>>
>> Jan 22 17:34:54 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #10: ignoring informational payload CERTIFICATE_UNAVAILABLE, msgid=00000000, length=12
>> Jan 22 17:34:54 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #10: received and ignored notification payload: CERTIFICATE_UNAVAILABLE
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20210125/876f5025/attachment.html>
More information about the Swan
mailing list