[strongSwan] Small Problems with 5.2
Dirk Hartmann
dha at heise.de
Thu Jul 10 15:54:53 CEST 2014
Hi,
I hit two problems after upgrading to 5.2.
System on both sides is a Debian wheezy 64. Strongswan compiled with:
[client]
./configure --prefix=/usr --sysconfdir=/etc --enable-blowfish \
    --enable-curl --enable-openssl --disable-ikev1 --enable-ntru
[gateway]
./configure --prefix=/usr --sysconfdir=/etc --enable-blowfish \
    --enable-curl --enable-eap-radius --enable-ha --enable-openssl \
    --enable-xauth-eap --enable-eap-mschapv2 --enable-eap-identity \
    --enable-sql --enable-attr-sql --enable-sqlite --enable-xauth-noauth \
    --enable-ntru
1. I get this error on both systems after upgrade:
ipsec_starter[3318]: notifying watcher failed: Broken pipe
2. I had to roll back to 5.1.3 on the gateway because I couldn't
connect from other linux IKEv2 clients which authenticate via X.509
certificates.
I got: no trusted RSA public key found for NAME
On the other side IKEv1 connections from Mac/iOS with certificates and
IKEv2 connections from Windows clients with eap-mschapv2 had no
problems.
(No Win7 client with IKEv2 and X509 certificates tried to connect at that
time)
As the gateway is in productive use I couldn't debug the problem for
long.
I have a second server with the same configuration that I can use to
dig deeper into the problem. What further information would you need,
what debug levels should I use?
All the while the gateway is back on 5.1.3 while my home client is
still on 5.2 and can connect despite the Broken Pipe error.
Best Regards
Dirk