[Swan] No PARENT proposal selected
Bob Miller
bob at computerisms.ca
Fri Oct 9 16:18:25 UTC 2015
Hi Paul,
Thanks for the response.
>> I am trying to set up ikev2 with windows road warriors, but I am
>> having an error "No PARENT proposal selected".
>> Is there a clue as to what could be wrong when this message comes up?
>
> Probably you are having a mismatched AUTH scheme? You should not use EAP
> but "Machine Certificate".
I am definitely using machine certificate.
I have recreated the CA, firewall, and user cert. I have installed all
three certs on the firewall, and the CA has CTu,u,u and the fw and user
cert have u,u,u. I have ensured the cert on windows is installed in
local machine, and the CA is listed in the Trusted Root. I have ensured
the fw cert has a SAN and CN that matches its DNS name.
I am using the new format for the NSS DB sql:/etc/ipsec.d as specified
on the wiki, and I have compared my ipsec.conf to the ikev2 one on the
wiki as well.
Any other suggestions where I might look for the problem?
>
> Paul
More information about the Swan
mailing list