[strongSwan] Small Problems with 5.2

[Noel Kuntze]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello Dirk,

Can you please provide your strongswan.conf?

Regards,
Noel Kuntze

GPG Key id: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
Am 10.07.2014 15:54, schrieb Dirk Hartmann:
> Hi,
>
> I hit two problems after upgrading to 5.2.
> System on both sides is a Debian wheezy 64. Strongswan compiled with:
> [client]
> ./configure --prefix=/usr --sysconfdir=/etc --enable-blowfish --enable-curl --enable-openssl --disable-ikev1 --enable-ntru
>
> [gateway]
> ./configure --prefix=/usr --sysconfdir=/etc --enable-blowfish --enable-curl --enable-eap-radius --enable-ha --enable-openssl --enable-xauth-eap --enable-eap-mschapv2 --enable-eap-identity --enable-sql --enable-attr-sql --enable-sqlite --enable-xauth-noauth --enable-ntru
>
> 1. I get this error on both systems after upgrade:
> ipsec_starter[3318]: notifying watcher failed: Broken pipe
>
> 2. I had to roll back to 5.1.3 on the gateway because I couldn't connect from other linux IKEv2 clients which authenticate via X.509 certificates.
> I got: no trusted RSA public key found for NAME
>
> On the other side IKEv1 connections from Mac/iOS with certificates and IKEv2 connections from Windows clients with eap-mschapv2 had no problems.
> (No Win7 Client with IKEv2 and X509 certificates try to connect that time)
>
> As the gateway is in productive use I coudn't debug the problem for long.
>
> I have a second server with the same configuration that I can use to dig deeper into the problem. What further information would you need, what debug levels should I use?
>
> All the while the gateway is back on 5.1.3 while my home client is still on 5.2 and can connect despite the Broken Pipe error.
>
> Best Regards
> Dirk
>
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJTvsDcAAoJEDg5KY9j7GZY5NwQAJU4RfQJ763TjqYIGkMOZlzG
sg7U66+Fxwe39pzyr6qL/vrSBMyMDrogc4unvT6N3vfRduK24n7ZOqo+UjcsM62X
gJON8ODTNywIxP08zXm2zWkJwfXqr3H/ApBveVlMyPJ/9pBFe3o7vBoKN+XOJkrY
b8oqhHxOJ0LTu+N03U7GjFLPE/RVVg4LzRrRXQoAISiCo9te0kFjC5Ah3xjwpABz
zMFjt5fnKXN6nVvOboQSO7sAK9EHy0f6IqCQp6LApa809FBDrLvcOLd1Wes3K8L6
PD+PVRQKXtZhx8nBBo4sZAXCSTNDTlrTXfm8aMjzjNyJoqluga/qrj0o7NmsXqx9
wDYmNcSSwpqAiRT9fN8uHuMZK1m51ZD1anDM1+fzMbG33zkqwPKPKWbw8Rm8r1Xg
p8/iHpQqFtAf7lElaCHboUXffz+YDFM/iDTRb0W2XFqe73CWL85gNUvdA1XEAcB+
hwjcY/1cgWeK9mJzQ2zl1rB7vLP4TD6wtY4EjFvvXRNfx5VO1gwq/m2GI5gEWtS4
MNb3aGtJmrq9ZvztoqwWJ8NEp7Tz1axB14VxwyhEI998R+Hyf9sFcujHW+oPkBis
YlTrTXIqacObqcKf3q/gnUCgLK1OdFgp6bOHq+SGulKJ6w6pDXeDJr/GU8Uurjam
wC7poreK5XYAjGTnpO6/
=f+Xu
-----END PGP SIGNATURE-----