[Swan] No PARENT proposal selected

Bob Miller bob at computerisms.ca
Fri Oct 9 16:18:25 UTC 2015


Hi Paul,

Thanks for the response.

>> I am trying to set up ikev2 with windows road warriors, but I am
>> having an error "No PARENT proposal selected".
>> Is there a clue as to what could be wrong when this message comes up?
>
> Probably you are having a mismatched AUTH scheme? You should not use EAP
> but "Machine Certificate".

I am definitely using machine certificate.

I have recreated the CA, firewall, and user cert.  I have installed all 
three certs on the firewall, and the CA has CTu,u,u and the fw and user 
cert have u,u,u.  I have ensured the cert on windows is installed in 
local machine, and the CA is listed in the Trusted Root.  I have ensured 
the fw cert has a SAN and CN that matches its DNS name.

I am using the new format for the NSS DB sql:/etc/ipsec.d as specified 
on the wiki, and I have compared my ipsec.conf to the ikev2 one on the 
wiki as well.

Any other suggestions where I might look for the problem?

>
> Paul


More information about the Swan mailing list