[Swan] Libreswan version 4.8 abort when connecting with ikev1 xauth with psk

António Silva asilva at wirelessmundi.com
Mon Oct 17 11:53:11 EEST 2022

Hi Andrew,

Setting those parameters it doesn’t abort the connection, but I need to adjust remote side to be able to connect. 

For me the issue is fixed, using version 4.9, no need to change nothing from version 4.7.

If you need extra logs let me know.


> On 14 Oct 2022, at 14:08, Andrew Cagney <andrew.cagney at gmail.com> wrote:
> On Fri, 14 Oct 2022 at 06:40, Tuomo Soini <tis at foobar.fi <mailto:tis at foobar.fi>> wrote:
>> On Thu, 13 Oct 2022 15:35:58 +0100
>> António Silva <asilva at wirelessmundi.com> wrote:
>>> Found a commit that could be the fix for this issue:
>>> https://github.com/libreswan/libreswan/commit/bfd380014944b7efb3fbc181129bd34769993d3f
>>> Trying it now.
>> If you need a quick fix, correct commit is
>> https://github.com/libreswan/libreswan/commit/fa25a8da29091b582a9f45cd1757ed53c95e508e
>> The commit you found is just better diagnostics for the issue.
> Could you expand on your configuration a little.  I'm curious to know
> if it is covered by one of the following:
> - IKEv1 with MD5 as the IKE (ISAKMP) SA's PRF algorithm
> - IKEv1 and libreswan built with USE_NSS_KDF=false (look for
> native-PRF or native-KDF in logs)
> The thing is, IKEv1, IKE=MD5, and USE_NSS_KDF=false are all obsolete.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20221017/342803f9/attachment.htm>

More information about the Swan mailing list