<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Hi,<div class=""><br class=""><div class="">I’m using PSK.</div><div class=""><br class=""></div><div class=""><div class="">My configuration:</div><div class=""><div class="">conn tunnel8-aggr</div><div class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>aggrmode=yes</div><div class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>also=tunnel8</div><div class=""><br class=""></div><div class="">conn tunnel8</div><div class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>pfs=no</div><div class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>type=tunnel</div><div class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>auto=add</div><div class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>ikev2=no</div><div class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>phase2=esp</div><div class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>authby=secret</div><div class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>keyingtries=3</div><div class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>ikelifetime=24h</div><div class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>salifetime=1h</div><div class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>left=92.211.123.17</div><div class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>leftsubnet=0.0.0.0/0</div><div class=""><span class="Apple-tab-span" style="white-space: pre;"> </span><a href="mailto:leftid=@xauth.remote.local" class="">leftid=@xauth.remote.local</a></div><div class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>right=%any</div><div class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>rightid=%any</div><div class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>rightaddresspool=192.168.20.100-192.168.20.254</div><div class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>dpddelay=30</div><div class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>dpdtimeout=300</div><div class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>dpdaction=clear</div><div class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>leftxauthserver=yes</div><div class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>rightxauthclient=yes</div><div class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>leftmodecfgserver=yes</div><div class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>rightmodecfgclient=yes</div><div class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>modecfgpull=yes</div><div class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>fragmentation=yes</div></div></div><div class=""><br class=""></div><div class=""><br class=""></div><div class=""><div class="">Putting extra debug now.</div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">
<div dir="auto" style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;">--<br class="Apple-interchange-newline">Saludos / Regards / Cumprimentos</div><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;">António Silva</div><br class="Apple-interchange-newline"></div><br class="Apple-interchange-newline"><br class="Apple-interchange-newline">
</div>
<div><br class=""><blockquote type="cite" class=""><div class="">On 23 Jan 2021, at 16:19, Paul Wouters <<a href="mailto:paul@nohats.ca" class="">paul@nohats.ca</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div class="">I see:<br class=""><br class="">Jan 22 17:34:54 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #10: ignoring informational payload CERTIFICATE_UNAVAILABLE, msgid=00000000, length=12<br class="">Jan 22 17:34:54 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #10: received and ignored notification payload: CERTIFICATE_UNAVAILABLE<br class=""><br class="">Why can’t it find a cert doing rekey ? Are you using certs or psk ?<br class=""><br class="">Maybe run with extra debugging and see if we sent a CERT payload in the initial response and not in the rekey reply ?<br class=""><br class=""><br class=""><br class=""><br class=""><br class="">Sent from my iPhone<br class=""><br class=""><blockquote type="cite" class="">On Jan 22, 2021, at 12:32, António Silva <<a href="mailto:asilva@wirelessmundi.com" class="">asilva@wirelessmundi.com</a>> wrote:<br class=""><br class="">Jan 22 17:34:54 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #10: ignoring informational payload CERTIFICATE_UNAVAILABLE, msgid=00000000, length=12<br class="">Jan 22 17:34:54 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #10: received and ignored notification payload: CERTIFICATE_UNAVAILABLE<br class=""></blockquote><br class=""></div></div></blockquote></div><br class=""></div></div></body></html>