[Swan] No PARENT proposal selected
Paul Wouters
paul at nohats.ca
Fri Oct 9 16:28:14 UTC 2015
On Fri, 9 Oct 2015, Bob Miller wrote:
> I am definitely using machine certificate.
>
> I have recreated the CA, firewall, and user cert. I have installed all three
> certs on the firewall, and the CA has CTu,u,u and the fw and user cert have
> u,u,u. I have ensured the cert on windows is installed in local machine, and
> the CA is listed in the Trusted Root. I have ensured the fw cert has a SAN
> and CN that matches its DNS name.
>
> I am using the new format for the NSS DB sql:/etc/ipsec.d as specified on the
> wiki, and I have compared my ipsec.conf to the ikev2 one on the wiki as well.
>
> Any other suggestions where I might look for the problem?
Run with plutodebug=all and see what's going on?
Paul
More information about the Swan
mailing list