[Swan-dev] What does "missing v2CP reply" mean?
Andrew Cagney
andrew.cagney at gmail.com
Fri Feb 16 02:44:48 EET 2024
> Feb 15 06:15:48 saledortvm2 pluto[70624]: "server01.cnf.com" #2: processing decrypted IKE_AUTH request: SK{IDi,CERT,AUTH,CP,SA,TSi,TSr}
notice how the client sent a CP payload in the request (CP_REQUEST to be exact).
but
> #2: missing v2CP reply, not attempting to setup child SA
> #1: IKE SA established but initiator rejected Child SA response
the responder never came back with a CP_RESPONSE, which is required to
create the Child SA. Hence no child leaving only the IKE SA.
What I'm not clear on is why the initiator asked for CP, and the
responder declined its request.
Andrew
More information about the Swan-dev
mailing list