[Swan] disconnect after 3600s
paul at nohats.ca
Mon Jan 25 15:04:43 UTC 2021
On Mon, 25 Jan 2021, António Silva wrote:
> I’m using PSK.
> Putting extra debug now.
If you are using PSK then the error CERTIFICATE_UNAVAILABLE from the
remote peer makes no sense whatsoever.
RFC 2408 states:
   3. Process the Certificate Request. If a requested Certificate Type
      with the specified Certificate Authority is not available, then
      the payload is discarded and the following actions are taken:

      (a) The event, CERTIFICATE-UNAVAILABLE, MAY be logged in the
          appropriate system audit file.

      (b) An Informational Exchange with a Notification payload
          containing the CERTIFICATE-UNAVAILABLE message type MAY be
          sent to the transmitting entity. This action is dictated by
          a system security policy.
I guess your debugging will show if libreswan sent any CERT or CERTREQ
payload that might have confused the other end?