[Swan] disconnect after 3600s

Paul Wouters paul at nohats.ca
Mon Jan 25 15:04:43 UTC 2021


On Mon, 25 Jan 2021, António Silva wrote:

> I’m using PSK.

> Putting extra debug now.

If you are using PSK then the error CERTIFICATE_UNAVAILABLE from the
remote peer makes no sense whatsoever.

RFC 2408 states:

    3.  Process the Certificate Request.  If a requested Certificate Type
        with the specified Certificate Authority is not available, then
        the payload is discarded and the following actions are taken:

        (a)  The event, CERTIFICATE-UNAVAILABLE, MAY be logged in the
             appropriate system audit file.

        (b)  An Informational Exchange with a Notification payload
             containing the CERTIFICATE-UNAVAILABLE message type MAY be
             sent to the transmitting entity.  This action is dictated by
             a system security policy.


I guess your debugging will show if libreswan sent any CERT or CERTREQ
payload that might have confused the other end?

Paul

