[Swan-dev] What does "missing v2CP reply" mean?
Brady Johnson
bradyjoh at redhat.com
Fri Feb 16 16:41:38 EET 2024
Would it be more helpful to enable debug logging? Or is there some other
test that could be done to figure this out?
Regards,
*Brady Johnson*
Principal Software Engineer
Telco Verification Ecosystems Engineering
brady.johnson at redhat.com
On Fri, Feb 16, 2024 at 1:45 AM Andrew Cagney <andrew.cagney at gmail.com>
wrote:
> > Feb 15 06:15:48 saledortvm2 pluto[70624]: "server01.cnf.com" #2: processing decrypted IKE_AUTH request: SK{IDi,CERT,AUTH,CP,SA,TSi,TSr}
>
> notice how the client sent a CP payload in the request (CP_REQUEST to be
> exact).
>
> but
>
> > #2: missing v2CP reply, not attempting to setup child SA
> > #1: IKE SA established but initiator rejected Child SA response
>
> the responder never came back with a CP_RESPONSE, which is required to
> create the Child SA. Hence no child, leaving only the IKE SA.
>
> What I'm not clear on is why the initiator asked for CP, and the
> responder declined its request.
>
> Andrew
>
>