xelerance / Openswan


IKEv2 not working when LIBNSS flag enabled #340

Open fahedhijazi opened 5 years ago

fahedhijazi commented 5 years ago

When using the LIBNSS flag on one end and not on the other, I am getting the error R2 failed to match authenticator. I encountered this with both openswan and strongswan clients.

shussain commented 5 years ago

What version of OSW are you using? Are you using PSK? Cert?

Is it possible for you to provide your ipsec configuration for the OSW side?

fahedhijazi commented 5 years ago

I am using PSK/2.6.51.1.

I am using a cloudformation template to setup.

If you have access to an AWS environment, first create the stack custom-vpn-lab-public, then create the stack custom-vpn-lab-instances-public.

Only 2 supported regions in templates are us-east-1 and us-west-2.

custom-vpn-lab-instances-public.txt custom-vpn-lab-public.txt

shussain commented 5 years ago

Thank you for the information.

We are aware of some LIBNSS regression in 2.6.51 (and 2.6.51.1) and are working on resolving that.

As a workaround for now, I would recommend building OSW without LIBNSS since that has been more thoroughly tested.

fahedhijazi commented 5 years ago

Any insight on what the regressions are? If I can help let me know.

mcr commented 5 years ago

Fahed Hijazi notifications@github.com wrote:

Any insight on to what the regressions are? If I can help let me know.

Openswan 2.6.51 makes use of the knowledge of what private keys are associated with public keys in order to orient connections.
LIBNSS does not interface to that part of the system, with the result that Openswan does know it has a private key to sign with, and so gives up. (There are other regressions in 2.6.51.1 relating to correct initialization of LIBNSS, but there are fixes in the queue for that part already)
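The orientation step mcr describes above, as an added illustration (hypothetical model, not Openswan's code): a connection names a left and a right end with their public keys, and the daemon decides which end is "us" by asking its key backend whether it holds the private half of each key. The `KeyBackend` class with its `exposes_pairing` switch, the `orient` function and the fingerprints are all constructed for this example; the point is that when the backend cannot answer the private-for-public question at all, orientation fails even though the private key is present, which is the failure mode the comment attributes to the LIBNSS path.

```python
"""Hypothetical model of how an IKE daemon orients a connection.

Added illustration, not Openswan code. The daemon decides which end of a
left/right connection is local by asking its key backend whether it holds
the private key matching each end's public key. A backend that cannot
answer that question leaves the connection unoriented.
"""
from dataclasses import dataclass
from typing import Optional, Set, Tuple


@dataclass(frozen=True)
class Connection:
    name: str
    left_id: str
    left_pubkey: str   # constructed fingerprints stand in for real keys
    right_id: str
    right_pubkey: str


class KeyBackend:
    """Key store that may or may not expose private/public key pairing."""

    def __init__(self, private_keys_for: Set[str], exposes_pairing: bool = True):
        # private_keys_for: fingerprints of public keys whose private halves we hold
        self._private_for = set(private_keys_for)
        # exposes_pairing=False models a backend that stores keys but cannot
        # report which public key a stored private key belongs to
        self._exposes_pairing = exposes_pairing

    def holds_private_key_for(self, pubkey: str) -> Optional[bool]:
        """True/False when the backend can answer; None when it cannot."""
        if not self._exposes_pairing:
            return None
        return pubkey in self._private_for


def orient(conn: Connection, backend: KeyBackend) -> str:
    """Return 'left', 'right', or a reason why orientation failed."""
    left = backend.holds_private_key_for(conn.left_pubkey)
    right = backend.holds_private_key_for(conn.right_pubkey)
    if left is None or right is None:
        return "unoriented: key backend cannot report private-key ownership"
    if left and right:
        return "unoriented: private keys for both ends (ambiguous)"
    if left:
        return "left"
    if right:
        return "right"
    return "unoriented: no private key for either end"


# Constructed sample connection: this host is the right end.
SAMPLE_CONN = Connection(
    name="lab-vpn",
    left_id="@gw-left", left_pubkey="fp-left-0001",
    right_id="@gw-right", right_pubkey="fp-right-0002",
)


def demo() -> Tuple[str, str]:
    """Same private key in both backends; only the pairing visibility differs."""
    native = KeyBackend({"fp-right-0002"}, exposes_pairing=True)
    opaque = KeyBackend({"fp-right-0002"}, exposes_pairing=False)
    return orient(SAMPLE_CONN, native), orient(SAMPLE_CONN, opaque)


if __name__ == "__main__":
    for label, result in zip(("pairing exposed", "pairing hidden"), demo()):
        print(f"{label}: {result}")
```

Running the script prints `right` for the backend that exposes pairing and an "unoriented" reason for the one that does not, with the same private key loaded in both. When diagnosing a daemon that "gives up" on a connection, checking whether the key backend can answer the private-for-public question is therefore a useful first step, separate from checking that the key material itself is installed.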