Hi Andrew, Setting those parameters it doesn’t abort the connection, but I need to adjust remote side to be able to connect.
For me the issue is fixed, using version 4.9, no need to change nothing from version 4.7. If you need extra logs let me know. Thanks. > On 14 Oct 2022, at 14:08, Andrew Cagney <[email protected]> wrote: > > On Fri, 14 Oct 2022 at 06:40, Tuomo Soini <[email protected] > <mailto:[email protected]>> wrote: >> >> On Thu, 13 Oct 2022 15:35:58 +0100 >> António Silva <[email protected]> wrote: >> >>> Found a commit that could be the fix for this issue: >>> >>> https://github.com/libreswan/libreswan/commit/bfd380014944b7efb3fbc181129bd34769993d3f >>> >>> Trying it now. >> >> If you need a quick fix, correct commit is >> >> https://github.com/libreswan/libreswan/commit/fa25a8da29091b582a9f45cd1757ed53c95e508e >> >> The commit you found is just better diagnostics for the issue. > > Could you expand on your configuration a little. I'm curious to know > if it is covered by one of the following: > - IKEv1 with MD5 as the IKE (ISAKMP) SA's PRF algorithm > - IKEv1 and libreswan built with USE_NSS_KDF=false (look for > native-PRF or native-KDF in logs) > The thing is, IKEv1, IKE=MD5, and USE_NSS_KDF=false are all obsolete.
_______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
