[Swan] disconnect after 3600s

Paul Wouters paul at nohats.ca
Mon Jan 25 16:47:51 UTC 2021


On Mon, 25 Jan 2021, Kontakt wrote:

> what about my case? ;)
> I have no certificate and also disconnects - I have PSK.

Please set ikelifetime=24h as well? This is the default value in
libreswan 4.2 (which is pending release).

Paul

> On Mon, 25 Jan 2021 at 16:05, Paul Wouters <paul at nohats.ca> wrote:
>       On Mon, 25 Jan 2021, António Silva wrote:
>
>       > I’m using PSK.
>
>       > Putting extra debug now.
>
>       If you are using PSK then the error CERTIFICATE_UNAVAILABLE from the
>       remote peer makes no sense whatsoever.
>
>       RFC 2408 states:
>
>           3.  Process the Certificate Request.  If a requested Certificate Type
>               with the specified Certificate Authority is not available, then
>               the payload is discarded and the following actions are taken:
>
>               (a)  The event, CERTIFICATE-UNAVAILABLE, MAY be logged in the
>                    appropriate system audit file.
>
>               (b)  An Informational Exchange with a Notification payload
>                    containing the CERTIFICATE-UNAVAILABLE message type MAY be
>                    sent to the transmitting entity.  This action is dictated by
>                    a system security policy.
> 
>
>       I guess your debugging will show if libreswan sent any CERT or CERTREQ
>       payload that might have confused the other end?
>
>       Paul

