[Swan] No PARENT proposal selected

Paul Wouters paul at nohats.ca
Fri Oct 9 16:28:14 UTC 2015

On Fri, 9 Oct 2015, Bob Miller wrote:

> I am definitely using machine certificate.
> I have recreated the CA, firewall, and user cert.  I have installed all three 
> certs on the firewall, and the CA has CTu,u,u and the fw and user cert have 
> u,u,u.  I have ensured the cert on windows is installed in local machine, and 
> the CA is listed in the Trusted Root.  I have ensured the fw cert has a SAN 
> and CN that matches its DNS name.
> I am using the new format for the NSS DB sql:/etc/ipsec.d as specified on the 
> wiki, and I have compared my ipsec.conf to the ikev2 one on the wiki as well.
> Any other suggestions where I might look for the problem?

Run with plutodebug=all and see what's going on?


More information about the Swan mailing list