[Swan] Libreswan version 4.8 abort when connecting with ikev1 xauth with psk
Andrew Cagney
andrew.cagney at gmail.com
Fri Oct 14 16:08:34 EEST 2022
On Fri, 14 Oct 2022 at 06:40, Tuomo Soini <tis at foobar.fi> wrote:
>
> On Thu, 13 Oct 2022 15:35:58 +0100
> António Silva <asilva at wirelessmundi.com> wrote:
>
> > Found a commit that could be the fix for this issue:
> >
> > https://github.com/libreswan/libreswan/commit/bfd380014944b7efb3fbc181129bd34769993d3f
> >
> > Trying it now.
>
> If you need a quick fix, correct commit is
>
> https://github.com/libreswan/libreswan/commit/fa25a8da29091b582a9f45cd1757ed53c95e508e
>
> The commit you found is just better diagnostics for the issue.
Could you expand on your configuration a little. I'm curious to know
if it is covered by one of the following:
- IKEv1 with MD5 as the IKE (ISAKMP) SA's PRF algorithm
- IKEv1 and libreswan built with USE_NSS_KDF=false (look for
native-PRF or native-KDF in logs)
The thing is, IKEv1, IKE=MD5, and USE_NSS_KDF=false are all obsolete.
More information about the Swan
mailing list