[Swan] Libreswan version 4.8 abort when connecting with ikev1 xauth with psk

Andrew Cagney andrew.cagney at gmail.com
Fri Oct 14 16:08:34 EEST 2022

On Fri, 14 Oct 2022 at 06:40, Tuomo Soini <tis at foobar.fi> wrote:
> On Thu, 13 Oct 2022 15:35:58 +0100
> António Silva <asilva at wirelessmundi.com> wrote:
> >  Found a commit that could be the fix for this issue:
> >
> > https://github.com/libreswan/libreswan/commit/bfd380014944b7efb3fbc181129bd34769993d3f
> >
> > Trying it now.
> If you need a quick fix, correct commit is
> https://github.com/libreswan/libreswan/commit/fa25a8da29091b582a9f45cd1757ed53c95e508e
> The commit you found is just better diagnostics for the issue.

Could you expand on your configuration a little.  I'm curious to know
if it is covered by one of the following:
- IKEv1 with MD5 as the IKE (ISAKMP) SA's PRF algorithm
- IKEv1 and libreswan built with USE_NSS_KDF=false (look for
native-PRF or native-KDF in logs)
The thing is, IKEv1, IKE=MD5, and USE_NSS_KDF=false are all obsolete.

More information about the Swan mailing list